| Re: [chrony-dev] Traffic amplification with chrony commands |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
On Fri, Jan 17, 2014 at 09:53:01AM -0800, Bill Unruh wrote:
> You would use a different random number for each IP, so that that part of
> it would be unkown to the attacker (presumably-- if they "owned" the IP address
> they were attacking then they could get that, but then they could just launch
> a flood from it directly)
>
> Of course that would mean that chronyd would have to keep a library of current
> nonces for each IP address that queries came in for, and one would have to
> worry about a DOS against chronyc in which it was flooded with requests.
> But one could put a rate limiting on that-- eg put in a delay of say 1 sec on
> the response for the nonce, and only accept a certain number per second.
I don't like that. I think the point of using a nonce is that it
doesn't keep state for each client.
> Easier might be to password the command. On the other hand, for a local query
> one really would not want a password, so that would complicate the logic in
> chronyd.
Hm, that's an interesting idea, to require password for all commands
if it's not from localhost and keep it as it is for localhost. It
wouldn't break compatibility and most of the users probably wouldn't
even notice it.
--
Miroslav Lichvar
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.