Programmers: Get Your Act Together Before You Disrupt The Internet

wpirobotbuilder


Start by reading this technical post from CloudFlare.

UDP itself has uses, but the 'monlist' command in the Network Time Protocol is entirely useless. It was probably a "feature" some genius programmer thought they'd need but didn't, and it just got left in the code base.

In proper software design, the majority of development strategies will prevent you from having code in your codebase that isn't used. If programmers for the NTP codebase had been developing code properly, this command would never have been implemented, and we wouldn't be dealing with these sorts of DDoS attacks. Apparently SNMP is being predicted to fall next, with almost three times the potential for DDoS that NTP amplification has, so better start cleaning up those vectors for DDoS.

If this attack had been using SNMP amplification, we would be seeing attacks on the Terabit scale (1 Tb/s), which is on the order of disrupting the infrastructure of the internet.

1 Comment

Well, I'm sure monlist exists partially for some programmer's use but might also be there because someone told him to put it there. The feature request by non-IT people with power can also add to this mess, but since they are signing the check it gets added. So I wouldn't blame the programmer for it all.

There are many secret features/functions out on the interwebs that are there for a good reason and an equal amount for a bad reason. Custom apps out in the wild are high in number, custom as in not documented and for one person's use or one company to make their task "easy", not to mention backdoor security in the name of being able to recover something a customer screwed themselves out of due to bad user documentation (passwd db).

Documentation really.
