[168738] in North American Network Operators' Group
Re: TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Tue Feb 4 00:53:10 2014
Date: Tue, 4 Feb 2014 00:52:48 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <2FFA5472-37CC-425E-AB9B-470F9DF60FB4@gdt.id.au>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Glen Turner" <gdt@gdt.id.au>
> On 4 Feb 2014, at 9:28 am, Christopher Morrow
> <morrowc.lists@gmail.com> wrote:
>=20
> > wait, so the whole of the thread is about stopping participants in
> > the attack, and you're suggesting that removing/changing end-system
> > switch/routing gear and doing something more complex than:
> > deny udp any 123 any
> > deny udp any 123 any 123
> > permit ip any any
>=20
> Which just pushes NTP to some other port, making control harder. We=E2=80=
=99ve
> already pushed all =E2=80=98interesting' traffic to port 80 on TCP, which=
has
> made traffic control very expensive. Let=E2=80=99s not repeat that histor=
y.
"Those who do not understand the Internet are condemned to reinvent it.
Poorly."
-- after henry@utzoo, though he was talking about Unix, and I am generally
looking at Tapatalk and talking about Usenet.
Cheers,
-- jra
--=20
Jay R. Ashworth Baylink jra@baylink.=
com
Designer The Things I Think RFC 2=
100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover =
DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1=
274
