[168676] in North American Network Operators' Group


Re: BCP38.info, RELATING: TWC (AS11351) blocking all NTP?

daemon@ATHENA.MIT.EDU (Michael DeMan)
Mon Feb 3 03:24:31 2014

From: Michael DeMan <nanog@deman.com>
In-Reply-To: <794951B3-F26E-493F-8CD6-404202813B9D@arbor.net>
Date: Mon, 3 Feb 2014 00:24:08 -0800
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hi,

I think I might have already deleted subject matter a few days ago in re: BCP38.

What exactly are you trying to do?

I agree my general comment about the recent NTP weaknesses should be addressed via IPv6 RFC may have been misunderstood.
I meant mostly that with IPv6 NAT goes away, all devices are exposed, and we also have the 'internet of things' - much more subject to potential abuse.
An NTPv5 solution that could be done with NTP services already, and would be more of a 'best practices of how this shit starts up and what it can do' and educating vendors to have reasonable behavior in the first place?
And an NTPv6 solution/RFC/guideline that was similar, could help?
Neither will 'solve the problem' - but I think the idea of managing what somebody can do and having the provider filter in/out on IPv4 and/or mobile IPv4, much less IPv6 is very unorthodox and much against the spirit of having global m:n communications be helpful for humanity.


My apologies if I misunderstand your recent and last few e-mails.

I disagree that 'filtering' or 'blocking' any kind of IPv4 or IPv6 protocol to 'protect the end user' is the wrong way to go when compared to just having things work in a secure manner.

- Mike

On Feb 3, 2014, at 12:07 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:

>
> On Feb 3, 2014, at 2:55 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
>
>> It would be useful to know whether there are in fact NATs, or are 'DNS forwarders' . . .
>
> Another question is whether or not it's possible that in at least some cases, MITMing boxes on intermediary networks are grabbing these queries and then spoofing the scanner source IP as they redirect the queries . . . . if this is taking place, then it would be the network(s) with the MITMing box(es) which allow spoofing, irrespective of whether or not the intended destination networks do, yes?
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>
> 	  Luck is the residue of opportunity and design.
>
> 		       -- John Milton
>


