[168666] in North American Network Operators' Group
Re: TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sun Feb 2 23:10:02 2014
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "nanog@nanog.org list" <nanog@nanog.org>
Date: Mon, 3 Feb 2014 04:09:39 +0000
In-Reply-To: <796DB246-58DA-4538-9E67-471D5793E914@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 3, 2014, at 10:58 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:
> I'm a big believer in using ACLs to intelligently preclude reflection/amp=
lification abuse, but wholesale filtering of all UDP takes matters too far,=
IMHO.
I also think that restricting your users by default to your own recursive D=
NS servers, plus a couple of well-known, well-run public recursive services=
, is a good idea - as long as you allow your users to opt out.
This has nothing to do with DDoS, but with other types of issues.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
