[168706] in North American Network Operators' Group
Re: TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (Joel M Snyder)
Mon Feb 3 14:23:17 2014
Date: Mon, 03 Feb 2014 20:21:56 +0100
From: Joel M Snyder <Joel.Snyder@Opus1.COM>
To: nanog@nanog.org, johnl@iecc.com
In-reply-to: <mailman.14873.1391454313.40664.nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> It seems thata hosts sending large amounts of NTP traffic over the
> public Internet can be safely filtered if you don't already know that
> it's one of the handful that's in the ntp.org pools or another well
> known NTP master.
Speaking as one of the 3841 servers in the pool.ntp.org pool, I'm happy
to be described as a "handful," something my mother used to say, but I
do feel obligated to point out that it's a pretty big handful especially
if you want to be fiddling ACLs on an hourly basis which is pretty much
what it takes.
And, of course, if you're one of that handful, then you've pretty much
got to allow that NTP traffic in, although you're also probably,
hopefully, clue-full enough not to let random hosts make you a DDoS
accelerator.
(the other) jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms@Opus1.COM http://www.opus1.com/jms
