[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UDP/123 policers & status

Subject: UDP/123 policers & status
From: ragge at kth.se (Ragnar Sundblad)
Date: Sun, 29 Mar 2020 00:09:37 +0100
In-reply-to: <[email protected]>
References: <[email protected]> <CA+2UFhmMt_c33Z8Gigw24rqnUWNzrsG=mSHKecMW-++cimLaBA@mail.gmail.com> <[email protected]>

> On 28 Mar 2020, at 23:58, Harlan Stenn <stenn at nwtime.org> wrote:
> 
>> Steven Sommars said:
>>> The secure time transfer of NTS was designed to avoid
>>    amplification attacks.
> 
> Uh, no.

Yes, it was.

As Steven said, â??The secure time transfer of NTS was designed to
avoid amplification attacksâ??. I would even say - to make it
impossible to use for amplification attacks.

> If you understand what's going on from the perspective of both the
> client and the server and think about the various cases, I think you'll
> see what I mean.

Hopefully, no-one exposes mode 6 or mode 7 on the internet anymore
at least not unauthenticated, and at least not the commands that are
not safe from amplification attacks. Those just can not be allowed
to be used anonymously.

> NTS is a task-specific hammer.

Yes.

Ragnar

Follow-Ups:
- UDP/123 policers & status
  - From: stenn at nwtime.org (Harlan Stenn)

References:
- UDP/123 policers & status
  - From: hgm+nanog at ip-64-139-1-69.sjc.megapath.net (Hal Murray)
- UDP/123 policers & status
  - From: bottiger10 at gmail.com (Bottiger)
- UDP/123 policers & status
  - From: stenn at nwtime.org (Harlan Stenn)

Prev by Date: UDP/123 policers & status
Next by Date: UDP/123 policers & status
Previous by thread: UDP/123 policers & status
Next by thread: UDP/123 policers & status
Index(es):
- Date
- Thread