[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UDP/123 policers & status

Subject: UDP/123 policers & status
From: saku at ytti.fi (Saku Ytti)
Date: Mon, 30 Mar 2020 12:11:58 +0300
In-reply-to: <[email protected]>
References: <[email protected]> <CA+2UFhmMt_c33Z8Gigw24rqnUWNzrsG=mSHKecMW-++cimLaBA@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAAeewD_txaKBsai7w3Y-3+sx=O8jsWNvQHMddBGS=CgiHngNUw@mail.gmail.com> <[email protected]> <[email protected]>

On Mon, 30 Mar 2020 at 12:08, Harlan Stenn <stenn at nwtime.org> wrote:

> Are y'all seriously recommending that NTP always sends a max-sized
> packet as a client request so the client/server can send back an
> identical response?

I'm seriously recommending that, when the server cannot verify
authenticity of packet, force attenuation by protocol design. See
MinimaLT white paper, https://cr.yp.to/tcpip/minimalt-20131031.pdf

-----
Given this, MinimaLT is designed to minimize amplification attacks, in
which a request is smaller than its reply (to a spoofed source
address).
----

-- 
  ++ytti

References:
- UDP/123 policers & status
  - From: hgm+nanog at ip-64-139-1-69.sjc.megapath.net (Hal Murray)
- UDP/123 policers & status
  - From: bottiger10 at gmail.com (Bottiger)
- UDP/123 policers & status
  - From: stenn at nwtime.org (Harlan Stenn)
- UDP/123 policers & status
  - From: ragge at kth.se (Ragnar Sundblad)
- UDP/123 policers & status
  - From: stenn at nwtime.org (Harlan Stenn)
- UDP/123 policers & status
  - From: ragge at kth.se (Ragnar Sundblad)
- UDP/123 policers & status
  - From: stenn at nwtime.org (Harlan Stenn)
- UDP/123 policers & status
  - From: ragge at kth.se (Ragnar Sundblad)
- UDP/123 policers & status
  - From: saku at ytti.fi (Saku Ytti)
- UDP/123 policers & status
  - From: ragge at kth.se (Ragnar Sundblad)
- UDP/123 policers & status
  - From: stenn at nwtime.org (Harlan Stenn)

Prev by Date: UDP/123 policers & status
Next by Date: UDP/123 policers & status
Previous by thread: UDP/123 policers & status
Next by thread: UDP/123 policers & status
Index(es):
- Date
- Thread