[ntpwg] KISS codes
Danny Mayer
mayer at ntp.isc.org
Tue Jul 10 12:41:37 UTC 2007

Dave,

That PDF mentions something called a Call-Gap scheme. What is that? Is
it documented and is it implemented in the reference implementation?

Danny

David L. Mills wrote:
> Tony,
>
> The KoD filter is actually better than you think. In the abuses cited in
> http://www.eecis.udel.edu/~mills/database/brief/ptti/ptti04.pdf, only
> the last few tens of seconds was captured in the NIST and USNO servers.
> That was enough to catch the most abusive clients and punish them.
> Furthermore, as in other massive DoS attacks, the behavior when things
> get really nasty is to rely on probabilistic defenses. In the KoD filter
> a decision is made on a probabilistic basis whether to drop the most
> recent entry or prune the end of the list. This allows in effect new
> blood and prevents freeze-out of new abusers.
>
> Dave
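
The probabilistic choice described in the quoted message, sketched as an added example (not code from the NTP reference implementation or from anyone in this thread). It reads "drop the most recent entry" as refusing to record the newly arrived source; the capacity, the 0.5 probability and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MRU_MAX   4    /* assumed capacity, small so the run is easy to trace */
#define P_REFUSE  0.5  /* assumed chance of refusing the newcomer when full */

enum kod_result { KOD_HIT, KOD_ADDED, KOD_PRUNED_TAIL, KOD_REFUSED_NEW };

struct mru {                 /* index 0 = most recent, n-1 = end of list */
    uint32_t addr[MRU_MAX];
    unsigned hits[MRU_MAX];
    int n;
};

/* Shift entries [0, upto) down one slot and put (src, hits) at the front. */
static void push_front(struct mru *m, int upto, uint32_t src, unsigned hits)
{
    memmove(&m->addr[1], &m->addr[0], (size_t)upto * sizeof m->addr[0]);
    memmove(&m->hits[1], &m->hits[0], (size_t)upto * sizeof m->hits[0]);
    m->addr[0] = src;
    m->hits[0] = hits;
}

/* Record one packet from src. u is a uniform draw in [0,1) passed in by the
 * caller so the example is reproducible; a server would draw it per packet. */
enum kod_result kod_record(struct mru *m, uint32_t src, double u)
{
    enum kod_result r = KOD_ADDED;
    for (int i = 0; i < m->n; i++)
        if (m->addr[i] == src) {          /* known client: bump and move up */
            push_front(m, i, src, m->hits[i] + 1);
            return KOD_HIT;
        }
    if (m->n == MRU_MAX) {
        if (u < P_REFUSE)
            return KOD_REFUSED_NEW;       /* list untouched, history survives */
        m->n--;                           /* prune the end of the list */
        r = KOD_PRUNED_TAIL;
    }
    push_front(m, m->n, src, 1);
    m->n++;
    return r;
}

int main(void)
{
    struct mru m = {0};
    for (uint32_t a = 1; a <= 6; a++)     /* constructed sources 1..6 */
        printf("src %u -> %d\n", (unsigned)a, kod_record(&m, a, a % 2 ? 0.9 : 0.1));
    return 0;
}
```

Because a full list sometimes keeps its existing entries and sometimes admits the newcomer, a burst of previously unseen sources cannot deterministically flush the per-client counts, and long-tracked entries cannot permanently keep new sources from being tracked.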