Message-ID: <474A521A.2090905@ntp.org>
Date: Sun, 25 Nov 2007 23:56:58 -0500
From: Danny Mayer <mayer@ntp.org>
To: Ted Lemon <mellon@fugue.com>
Subject: Re: [ntpwg] [dhcwg] Re: Network Time Protocol (NTP) Options for DHCPv6
Cc: ntpwg@lists.ntp.org, dhcwg@ietf.org, Mark Andrews <Mark_Andrews@isc.org>, 
 TS Glassey <tglassey@earthlink.net>,
 "Richard Gayraud \(rgayraud\)" <rgayraud@cisco.com>

Ted,

Let me try and outline the problem again and please come up with an idea
which solves this.

1) The DHCP environment is divided into essentially two groups: Hardware
like Netgear and Linksys routers and Software like ISC's DHCP Server and
Nominum's Dynamic Configuration Server. IETF doesn't allow you to create
a protocol which differentiates between these cases.

The software side of the DHCP implementations are usually run by
organizations for their internal use and are actively maintained. I have
few worries about these since it's easy to deal with (relatively
speaking) errors that the sysadmins make.

The SOHO routers are different since the DHCP servers are built into the
firmware and shipped in their tens of thousands to individuals and small
businesses who want wireless connections and routers but don't want to
be in the business of configuring and maintaining them.

So let's say Acme Routers ships a router with a built-in DHCP server
which provides NTP server addresses to provide to the DHCP clients and
they put just one address in it. Now say Starbucks gets all excited
about how cheap they are and buys them for all their coffee stores. Now
you have DHCP providing an amplification DDOS attack as all of those
people sitting there with their laptops are all set up with the same NTP server
address and sending NTP packets to the same NTP server. Note that in the
UWisc/Netgear incident it was the NTP server built into the router that
was the problem but it was only one server. Here we are having the
router distributing the address to other systems which then do the dirty
work and you'd get 10 times the effect of a Netgear incident. This is
the problem that I'm trying to solve or rather mitigate.

I refer you to the UWisc/Netgear incident paper that Dave Mills and Dave
Plonka wrote:
http://www.eecis.udel.edu/~mills/database/papers/ptti/ptti04a.pdf
The brief slide version is here:
http://www.eecis.udel.edu/~mills/database/brief/ptti/ptti04.pdf
It also discusses the loads on a number of other servers including NIST
and USNO.

PHK's incident with D-Link is written up here:
http://news.bbc.co.uk/2/hi/technology/4906138.stm

I await your suggestions on how to prevent the routers becoming
amplifiers via DHCP for bombarding NTP servers.

Danny




