Re: [Ntp] [EXT] Re: NTPv5 KISS code support

Hal Murray <halmurray+ietf@sonic.net> Fri, 01 December 2023 22:09 UTC

Return-Path: <halmurray+ietf@sonic.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1347FC14F5EA for <ntp@ietfa.amsl.com>; Fri, 1 Dec 2023 14:09:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OzMOaBuf_EC for <ntp@ietfa.amsl.com>; Fri, 1 Dec 2023 14:09:36 -0800 (PST)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B9645C14F5F1 for <ntp@ietf.org>; Fri, 1 Dec 2023 14:09:36 -0800 (PST)
Received: from 107-137-68-211.lightspeed.sntcca.sbcglobal.net (104-182-38-69.lightspeed.sntcca.sbcglobal.net [104.182.38.69]) (authenticated bits=0) by c.mail.sonic.net (8.16.1/8.16.1) with ESMTPSA id 3B1M9YeQ025615 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Fri, 1 Dec 2023 14:09:35 -0800
Received: from hgm (localhost [IPv6:::1]) by 107-137-68-211.lightspeed.sntcca.sbcglobal.net (Postfix) with ESMTP id C32B528C1C3; Fri, 1 Dec 2023 14:09:34 -0800 (PST)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8
To: Daniel Franke <dfoxfranke@gmail.com>
cc: Hal Murray <halmurray+ietf@sonic.net>, NTP WG <ntp@ietf.org>
From: Hal Murray <halmurray+ietf@sonic.net>
In-Reply-To: Message from Daniel Franke <dfoxfranke@gmail.com> of "Wed, 08 Nov 2023 08:44:41 -0500." <CAJm83bByex7nox2YJAnC2bkGxHS-f2BEWphpiDS+idbh+2bVGQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 01 Dec 2023 14:09:34 -0800
Message-Id: <20231201220934.C32B528C1C3@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Sonic-CAuth: UmFuZG9tSVaFahhVv5Hv9kMtabBJ/bMz4rf5sFVs1QqN/thkrgI0bz74EiLsFgMZt+akZ2O1HP52+8wF5e2wh5DVITe3V1mA1v0slMPCs3o=
X-Sonic-ID: C;jImIT5aQ7hGCCi5nR+6Zsg== M;CD+dT5aQ7hGCCi5nR+6Zsg==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/sSD1VS7_AM_mfFKOWyUG5pplBuo>
Subject: Re: [Ntp] [EXT] Re: NTPv5 KISS code support
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2023 22:09:41 -0000

> Seconding Miroslav, reflectors per se aren't a security problem; they become
> one if and only if they amplify traffic. Every host on the Internet that has
> a TCP stack, open ports or no, is already a non-amplifying reflector and
> nobody thinks this is a problem. 

Thanks.

I'd like to understand why reflection without amplification is not a problem.

Do you know of any good talks or papers that cover this area?  Or mailing 
lists?

I watched a couple of NANOG talks.  Both mentioned UDP/reflection but didn't 
get into any details or mention amplification in that context.

Is it simple technology/economics?  The bad guys have cheaper ways to generate 
traffic?

Are botnets cheap enough that there is no need to hide by using reflection 
without amplicication?


-- 
These are my opinions.  I hate spam.