-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2/14/2014 10:22 AM, Wayne E Bouchard wrote:
> On Thu, Feb 13, 2014 at 08:01:27PM -0500, Jared Mauch wrote: >> I would actually like to ask for those folks to un-block NTP so >> there is proper data on the number of hosts for those researching >> this. The right thing to do is reconfigure them. I've seen a >> good trend line in NTP servers being fixed, and hope we will see >> more of that in the next few weeks. > > > A slight exception to that statement, if I may... > > The right thing to do is for people to not permit services to > operate on hosts they do not intend to operate on and not to be > visible to those they do not intend to use them. In other words, to > properly manage their networks. If that means blocking all access > to potentially faulty implementations, then that's the right thing > to do. In short, companies should do what is right for their > companies and nevermind anyone else. > > Never forget that researches are just part of the "public" and > should never consider that their usage of the internet is any more > or less valid to the average third party than the next guy. > Taken to the logical extreme, the "right thing" to do is to deny any spoofed traffic from abusing these services altogether. NTP is not the only one; there is also SNMP, DNS, etc. - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlL+Y68ACgkQKJasdVTchbJ/dgEAqgERvP6HMl2v5fbhZDwI9QKT YEe/c3mN5gZlxsIKFo0A/3BH9KMV6ln7XMrlnk4c/GuwZ9X4LAgqO6l2p8u3aA49 =yWZU -----END PGP SIGNATURE-----
