[169136] in North American Network Operators' Group


Re: ddos attack blog

daemon@ATHENA.MIT.EDU (Hal Murray)
Fri Feb 14 18:03:56 2014

To: nanog@nanog.org
From: Hal Murray <hmurray@megapathdsl.net>
Date: Fri, 14 Feb 2014 15:00:34 -0800
Cc: Hal Murray <hmurray@megapathdsl.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


> I was being a bit extreme, I don't expect UDP to be blocked and there are
> valid uses for NTP and it needs to pass. Can you imagine the trading
> servers not having access to NTP?

Sure.

They could set up internal NTP servers listening to GPS.  Would it be as good
overall as using external servers?  Probably not, but it might be good
enough.  I doubt if it would be very high on any trading floor's list of nasty
problems.

They could arrange to poke holes through the generic UDP block - whitelist 
the few known cases where UDP traffic is expected.  Would it be a pain to 
administer?  Probably, but I'll bet it could be made to work.


-- 
These are my opinions.  I hate spam.




