nanog mailing list archives

Re: UDP/123 policers & status

From: Saku Ytti <saku () ytti fi>
Date: Mon, 30 Mar 2020 12:11:58 +0300

On Mon, 30 Mar 2020 at 12:08, Harlan Stenn <stenn () nwtime org> wrote:

Are y'all seriously recommending that NTP always sends a max-sized
packet as a client request so the client/server can send back an
identical response?


I'm seriously recommending that, when the server cannot verify
authenticity of packet, force attenuation by protocol design. See
MinimaLT white paper, https://cr.yp.to/tcpip/minimalt-20131031.pdf

-----
Given this, MinimaLT is designed to minimize amplification attacks, in
which a request is smaller than its reply (to a spoofed source
address).
----

-- 
  ++ytti

Current thread:

Re: UDP/123 policers & status, (continued)
- - - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 28)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
    - Re: UDP/123 policers & status Saku Ytti (Mar 29)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 30)
    - Re: UDP/123 policers & status Saku Ytti (Mar 30)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 30)
    - Re: UDP/123 policers & status Saku Ytti (Mar 30)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 30)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 30)
    - Re: UDP/123 policers & status Saku Ytti (Mar 30)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 30)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)