> The shocking thing about these DDoS-for-hire services is that — as I’ve reported in several previous stories — a majority of them are run by young kids who apparently can think of no better way to prove how cool and “leet” they are than by wantonly knocking Web sites offline and by launching hugely disruptive assaults. Case in point: My site appears to have been attacked this week by a 15-year-old boy from Illinois who calls himself “Mr. Booter Master” online.
Enabling source filtering in all networks will essentially kill off these UDP amplification attacks, because the attacker wouldn't be able to spoof your address as the source address.
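What "source filtering" means in practice is a check at the network edge closest to the sender, usually a strict unicast reverse-path (uRPF) check: forward the packet only if the route back to its claimed source points at the interface it arrived on. The block below is an added illustration, not code from the thread or from any router vendor; the routing table, interface names and traffic sample are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed routing table for an ISP edge router: prefix -> outgoing interface.
# Two customer blocks sit behind interfaces cust1 and cust2; everything else
# is reached via the upstream transit link.
ROUTES = {
    ipaddress.ip_network("203.0.113.0/24"): "cust1",
    ipaddress.ip_network("198.51.100.0/24"): "cust2",
    ipaddress.ip_network("0.0.0.0/0"): "upstream",
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ingress: str  # interface the packet arrived on


def route_interface(addr, routes=ROUTES):
    """Longest-prefix match: which interface would we use to reach addr?"""
    best_net, best_iface = None, None
    for net, iface in routes.items():
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def strict_urpf_ok(pkt, routes=ROUTES):
    """Strict unicast reverse-path check: accept the packet only if the route
    back to its source address points at the interface it came in on.  A forged
    source fails because the router would not reach that address via this port."""
    return route_interface(ipaddress.ip_address(pkt.src), routes) == pkt.ingress


def apply_source_filter(packets, routes=ROUTES):
    """Split packets into (forwarded, dropped) under the strict uRPF rule."""
    forwarded = [p for p in packets if strict_urpf_ok(p, routes)]
    dropped = [p for p in packets if not strict_urpf_ok(p, routes)]
    return forwarded, dropped


# Constructed traffic sample.  192.0.2.10 plays an open NTP server on the
# internet; 198.51.100.7 is the intended DDoS victim.
SAMPLE = [
    Packet("203.0.113.25", "192.0.2.10", "cust1"),    # genuine customer query
    Packet("198.51.100.7", "192.0.2.10", "cust1"),    # cust1 forging the victim's address
    Packet("8.8.8.8", "192.0.2.10", "cust1"),         # cust1 forging an arbitrary address
    Packet("198.51.100.7", "192.0.2.10", "cust2"),    # cust2's own address: legitimate
    Packet("192.0.2.10", "203.0.113.25", "upstream"), # reply coming back from the internet
]

if __name__ == "__main__":
    fwd, drop = apply_source_filter(SAMPLE)
    for p in drop:
        print(f"DROP {p.src} -> {p.dst}: not reachable via {p.ingress}")
    print(f"forwarded {len(fwd)}, dropped {len(drop)}")
```

Two points the simulation makes visible: the check only works on the customer-facing interfaces (on the upstream interface the default route lets everything through, which is why providers use loose mode there), and it is the spoofer's provider, not the victim, who has to deploy it, which is the cooperation problem the thread keeps coming back to.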
Is there a good reason for someone to want a high volume of NTP requests? How do the owners of these servers not share more of the blame for sending so much data at a web server?
It should be straightforward to implement a protocol that each NTP server won't send data to the same ip more than once every 10 seconds regardless of the number of requests.
It's already been fixed. Newer versions of NTP don't reply with more data than they get sent, so you can't use the server for amplification. It's servers that have not been updated that are the issue.
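The two defences proposed in the comments above (answer each source at most once per interval, and never send back more bytes than the query carried) can be compared on a simulated spoofed flood. This is an added example written for this page, not NTP's code or anything from the thread; the 8-byte query and 440-byte unpatched reply are constructed sizes chosen to make the arithmetic readable, not measured NTP figures.

```python
from collections import defaultdict

# Constructed sizes for the simulation: an 8-byte query and a 440-byte reply
# from an unpatched server.  Illustrative only, not measured NTP packet sizes.
REQUEST_LEN = 8
UNPATCHED_REPLY_LEN = 440


class Responder:
    """A UDP service that answers queries, with two optional defences:

    cap_to_request - never reply with more bytes than the query carried
                     (the behaviour the comment above attributes to newer NTP)
    min_interval   - answer a given source address at most once every
                     min_interval seconds (the per-IP throttle proposed above)
    """

    def __init__(self, cap_to_request=False, min_interval=0.0):
        self.cap_to_request = cap_to_request
        self.min_interval = min_interval
        self._last_reply_at = {}
        self.bytes_sent_to = defaultdict(int)

    def handle(self, src, now, request_len=REQUEST_LEN, reply_len=UNPATCHED_REPLY_LEN):
        """Return the number of bytes sent back to src, or 0 if suppressed."""
        last = self._last_reply_at.get(src)
        if last is not None and now - last < self.min_interval:
            return 0  # throttled: this source was answered too recently
        if self.cap_to_request:
            reply_len = min(reply_len, request_len)
        self._last_reply_at[src] = now
        self.bytes_sent_to[src] += reply_len
        return reply_len


def spoofed_flood(responder, victim, n_requests, spacing):
    """Attacker sends n_requests queries with the victim forged as the source,
    spacing seconds apart.  Returns (bytes attacker sent, bytes victim received)."""
    for i in range(n_requests):
        responder.handle(victim, now=i * spacing)
    return n_requests * REQUEST_LEN, responder.bytes_sent_to[victim]


def amplification(cap_to_request=False, min_interval=0.0, n_requests=100, spacing=0.01):
    """Bytes delivered to the victim per byte the attacker had to send."""
    r = Responder(cap_to_request=cap_to_request, min_interval=min_interval)
    sent, received = spoofed_flood(r, "198.51.100.7", n_requests, spacing)
    return received / sent


if __name__ == "__main__":
    for label, kw in [
        ("unpatched", {}),
        ("reply capped to request size", {"cap_to_request": True}),
        ("one reply per IP per 10 s", {"min_interval": 10.0}),
        ("both", {"cap_to_request": True, "min_interval": 10.0}),
    ]:
        print(f"{label:30s} amplification = {amplification(**kw):.2f}x")
```

The size cap alone brings the factor down to 1.0 (the server is now no better than a plain reflector), and the per-source throttle alone turns a 100-packet burst into a single reply. On a real ntpd the cap is achieved not by resizing replies but by refusing the oversized status queries altogether, which is what `disable monitor` and `restrict default ... noquery` in ntp.conf do; a bare 10-second per-IP throttle would also penalise many legitimate clients sharing one NAT address, which is why the shipped fix targets the query type rather than the source.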
Where do you drop the packets? If your filter is inside your own network, and your bottleneck is your network connection to the outside world, then you're out of luck.
If you can arrange with your upstream internet access provider for them to filter out junk before it hits the bottleneck, then great - but that involves cooperating with people, which may take some time.