[ntpwg] KISS codes
David L. Mills
mills at udel.edu
Tue Jul 10 14:46:36 UTC 2007
Danny,
I explained call-gap in another message on this thread which you will
see. For reasons explained in another message, a random early drop (RED)
scheme like call-gap is inappropriate as the mission is to shoot the
elephants until the forest is safe for mice.
Dave
Danny Mayer wrote:
> Dave,
>
> That PDF mentions something called a Call-Gap scheme. What is that? Is
> it documented and is it implemented in the reference implementation?
>
> Danny
>
> David L. Mills wrote:
>
>> Tony,
>>
>> The KoD filter is actually better than you think. In the abuses cited in
>> http://www.eecis.udel.edu/~mills/database/brief/ptti/ptti04.pdf, only
>> the last few tens of seconds was captured in the NIST and USNO servers.
>> That was enough to catch the most abusive clients and punish them.
>> Furthermore, as in other massive DoS attacks, the behavior when things
>> get really nasty is to rely on probabilistic defenses. In the KoD filter
>> a decision is made on a probabilistic basis whether to drop the most
>> recent entry or prune the end of the list. This allows in effect new
>> blood and prevents freeze-out of new abusers.
>>
>> Dave
>
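
The probabilistic choice described in the quoted KoD filter message, as an added Python model that is not from this thread or from the ntpd source. The class and function names, the 0.5 probability, the addresses, and the reading of "drop the most recent entry" as "do not record the newcomer" are all assumptions made for illustration.

```python
import random
from collections import OrderedDict

class MruFilter:
    """Bounded table of recent client addresses (teaching model, not ntpd code)."""

    def __init__(self, capacity, p_drop_new, seed=0):
        self.capacity = capacity
        self.p_drop_new = p_drop_new      # assumed: chance the newcomer is not recorded
        self.rng = random.Random(seed)
        self.counts = OrderedDict()       # address -> packets seen, oldest first

    def observe(self, addr):
        """Record one packet and return the count tracked for addr (0 = untracked)."""
        if addr in self.counts:
            self.counts[addr] += 1
            self.counts.move_to_end(addr)         # now the most recent entry
            return self.counts[addr]
        if len(self.counts) >= self.capacity:
            if self.rng.random() < self.p_drop_new:
                return 0                          # drop the most recent arrival
            self.counts.popitem(last=False)       # prune the oldest end of the list
        self.counts[addr] = 1
        return 1

def simulate(p_drop_new, capacity=8, abuser_packets=100):
    """Fill the table, then let a late abuser send amid a stream of one-shot addresses."""
    f = MruFilter(capacity, p_drop_new)
    for i in range(capacity):                     # constructed early clients
        f.observe(f"192.0.2.{i}")
    tracked = 0
    for n in range(abuser_packets):
        f.observe(f"198.51.100.{n}")              # constructed one-shot source
        tracked = f.observe("203.0.113.7")        # constructed late abuser
    return tracked

if __name__ == "__main__":
    print("never admit when full:", simulate(1.0))
    print("probabilistic choice: ", simulate(0.5))
```

With `p_drop_new=1.0` the full table never records the late source, so its packet count stays at zero and no rate check can fire; with a probabilistic choice it is admitted after a few packets and counted from then on.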