nanog mailing list archives
Re: UDP/123 policers & status
From: Saku Ytti <saku () ytti fi>
Date: Mon, 30 Mar 2020 12:11:58 +0300
On Mon, 30 Mar 2020 at 12:08, Harlan Stenn <stenn () nwtime org> wrote:
Are y'all seriously recommending that NTP always sends a max-sized packet as a client request so the client/server can send back an identical response?
I'm seriously recommending that, when the server cannot verify authenticity of packet, force attenuation by protocol design. See MinimaLT white paper, https://cr.yp.to/tcpip/minimalt-20131031.pdf ----- Given this, MinimaLT is designed to minimize amplification attacks, in which a request is smaller than its reply (to a spoofed source address). ---- -- ++ytti
Current thread:
- Re: UDP/123 policers & status, (continued)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Harlan Stenn (Mar 28)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
- Re: UDP/123 policers & status Saku Ytti (Mar 29)
- Re: UDP/123 policers & status Harlan Stenn (Mar 30)
- Re: UDP/123 policers & status Saku Ytti (Mar 30)
- Re: UDP/123 policers & status Harlan Stenn (Mar 30)
- Re: UDP/123 policers & status Saku Ytti (Mar 30)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 30)
- Re: UDP/123 policers & status Harlan Stenn (Mar 30)
- Re: UDP/123 policers & status Saku Ytti (Mar 30)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 30)
- Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)