nanog mailing list archives
Re: UDP/123 policers & status
From: Harlan Stenn <stenn () nwtime org>
Date: Sat, 28 Mar 2020 16:35:06 -0700
Ragnar, On 3/28/2020 4:09 PM, Ragnar Sundblad wrote:
On 28 Mar 2020, at 23:58, Harlan Stenn <stenn () nwtime org> wrote:Steven Sommars said:The secure time transfer of NTS was designed to avoidamplification attacks.Uh, no.Yes, it was. As Steven said, “The secure time transfer of NTS was designed to avoid amplification attacks”. I would even say - to make it impossible to use for amplification attacks.
Please tell me how. I've been part of this specific topic since the original NTS spec. For what y'all are saying to be true, there are some underlying assumptions that would need to be in place, and they are clearly not in place now and won't be until people update their software, and even better, tweak their configs.
If you understand what's going on from the perspective of both the client and the server and think about the various cases, I think you'll see what I mean.Hopefully, no-one exposes mode 6 or mode 7 on the internet anymore at least not unauthenticated, and at least not the commands that are not safe from amplification attacks. Those just can not be allowed to be used anonymously.
But mode 6/7 is completely independent of NTS. It's disingenuous for people to imply otherwise.
NTS is a task-specific hammer.Yes. Ragnar
-- Harlan Stenn <stenn () nwtime org> http://networktimefoundation.org - be a member!
Current thread:
- Re: UDP/123 policers & status, (continued)
- Re: UDP/123 policers & status Damian Menscher via NANOG (Mar 18)
- Re: UDP/123 policers & status Steven Sommars (Mar 19)
- Re: UDP/123 policers & status Hal Murray (Mar 23)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 27)
- Re: UDP/123 policers & status Saku Ytti (Mar 27)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 27)
- Re: UDP/123 policers & status Roland Dobbins (Mar 28)
- Re: UDP/123 policers & status Bottiger (Mar 28)
- Re: UDP/123 policers & status Harlan Stenn (Mar 28)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Harlan Stenn (Mar 28)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Harlan Stenn (Mar 28)
- Re: UDP/123 policers & status Harlan Stenn (Mar 28)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Harlan Stenn (Mar 28)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Saku Ytti (Mar 29)
- Re: UDP/123 policers & status Harlan Stenn (Mar 30)
- Re: UDP/123 policers & status Saku Ytti (Mar 30)
- Re: UDP/123 policers & status Harlan Stenn (Mar 30)