
mattstreet | 8 years ago

I'm a bit rusty, but I believe the way NTP works (at least the reference version, which is commonly used) is that if a client sends too many requests in a short time, they are ignored, except to reply with a "back-off packet", which is called the KoD (Kiss of Death) in NTP terms.

Security audits have found some issues with abusing the KoD so I'm not sure if it still works like that or if it tends to be disabled. (I was on one of the teams doing the audit, I found the "Skeleton Key" defect)

https://www.eecis.udel.edu/~mills/ntp/html/rate.html#kiss

If you wanted to help the server deal with DoS even better, I would guess the best solution is to put a rate limiting firewall in front of it.
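As an added example (not part of the comment above or of any NTP implementation), here is a small Python model of the client side of the KoD behaviour described: the client sends a request whose transmit timestamp doubles as a nonce, classifies the reply, backs off on a RATE kiss code and stops on DENY/RSTR, but only after checking that the reply echoes its origin timestamp, so an unsolicited KoD is discarded rather than honoured. The kiss codes, the field layout and the 1024 s back-off cap are taken from general NTPv4 practice and are assumptions, not from the page.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to the Unix epoch
MAX_POLL_SECONDS = 1024        # assumed back-off cap, not taken from the page

def to_ntp_timestamp(unix_seconds):
    """Convert Unix seconds (float) into a 64-bit NTP timestamp."""
    secs, frac = divmod(unix_seconds, 1)
    return (int(secs) + NTP_EPOCH_OFFSET) << 32 | int(frac * (1 << 32))

def build_request(transmit_ts):
    """NTPv4 client packet (LI=0, VN=4, Mode=3); our transmit timestamp is also the nonce."""
    return struct.pack("!B", 4 << 3 | 3) + b"\x00" * 39 + struct.pack("!Q", transmit_ts)

def build_response(stratum, refid, origin_ts):
    """Constructed server reply (VN=4, Mode=4) for the demo, not a real capture."""
    header = struct.pack("!BBbb", 4 << 3 | 4, stratum, 6, -20)  # flags, stratum, poll, precision
    return header + b"\x00" * 8 + refid + b"\x00" * 8 + struct.pack("!Q", origin_ts) + b"\x00" * 16

def classify_reply(data, expected_origin):
    """Return ("ok", None), ("kod", code) or ("bogus", reason) for a server reply."""
    if len(data) < 48:
        return ("bogus", "short packet")
    flags, stratum = struct.unpack("!BB", data[:2])
    if flags & 0x07 != 4:
        return ("bogus", "not a server-mode packet")
    origin = struct.unpack("!Q", data[24:32])[0]
    # A reply must echo the transmit timestamp we sent. If it does not, we never
    # solicited it, so any KoD inside it must not be acted on (blocks spoofed KoDs).
    if origin != expected_origin:
        return ("bogus", "origin timestamp mismatch")
    refid = data[12:16]
    if stratum == 0 and refid.isascii() and refid.isalpha():
        return ("kod", refid.decode("ascii"))  # stratum 0 + ASCII refid = kiss code
    return ("ok", None)

def next_poll(current_poll, result):
    """Client reaction: double the interval on RATE, stop on DENY/RSTR, ignore bogus."""
    kind, code = result
    if kind == "kod":
        if code in ("DENY", "RSTR"):
            return None  # server told us to stop sending altogether
        if code == "RATE":
            return min(current_poll * 2, MAX_POLL_SECONDS)
    return current_poll

if __name__ == "__main__":
    nonce = to_ntp_timestamp(1700000000.25)
    print(classify_reply(build_response(0, b"RATE", nonce), nonce))
```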
