nanog mailing list archives

Re: UDP/123 policers & status

From: Harlan Stenn <stenn () nwtime org>
Date: Mon, 30 Mar 2020 01:56:18 -0700



On 3/30/2020 1:27 AM, Saku Ytti wrote:

On Mon, 30 Mar 2020 at 11:15, Harlan Stenn <stenn () nwtime org> wrote:

Please help me understand this.

Exactly how bad is it if the query and response packets are of a
different size?  Does it matter at 4 bytes?  32?


Presumably, if it's attenuation vector (1byte or more), presumably
attacker will use any of the other many vectors which are
amplification vectors or will directly attack from the zombie machines
they pwn. Since NST would have negative ROI on attack if there is
_any_ attenuation.


OK, and exactly how bad is a single byte attenuation, when compared
against the cost of 100% of all of the 1-byte shorter NTP packets being
made bigger to make the attenuation vector 0?

-- 
Harlan Stenn <stenn () nwtime org>
http://networktimefoundation.org - be a member!

Current thread:

Re: UDP/123 policers & status, (continued)
- - - Re: UDP/123 policers & status Harlan Stenn (Mar 28)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 28)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 28)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 28)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)
    - Re: UDP/123 policers & status Saku Ytti (Mar 29)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 30)
    - Re: UDP/123 policers & status Saku Ytti (Mar 30)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 30)
    - Re: UDP/123 policers & status Saku Ytti (Mar 30)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 30)
    - Re: UDP/123 policers & status Harlan Stenn (Mar 30)
    - Re: UDP/123 policers & status Saku Ytti (Mar 30)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 30)
    - Re: UDP/123 policers & status Ragnar Sundblad (Mar 29)