[169137] in North American Network Operators' Group
Re: ddos attack blog
daemon@ATHENA.MIT.EDU (joel jaeggli)
Fri Feb 14 18:20:10 2014
Date: Fri, 14 Feb 2014 15:19:42 -0800
From: joel jaeggli <joelja@bogus.com>
To: Hal Murray <hmurray@megapathdsl.net>, nanog@nanog.org
In-Reply-To: <20140214230034.7F8AE406062@ip-64-139-1-69.sjc.megapath.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3K71l9hLUA6Csm51k1UnDAqiaoU7Qnc3x
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 2/14/14, 3:00 PM, Hal Murray wrote:
>=20
>> I was being a bit extreme, I don't expect UDP to be blocked and there =
are
>> valid uses for NTP and it needs to pass. Can you imagine the trading
>> servers not having access to NTP?=20
>=20
> Sure.
>=20
> They could setup internal NTP servers listening to GPS. Would it be as=
good=20
> overall as using external servers? Probably not, but it might be good=
=20
> enough. I doubt if it would be very high on any trading floors list of=
nasty=20
> problems.
>=20
> They could arrange to poke holes through the generic UDP block - whitel=
ist=20
> the few known cases where UDP traffic is expected. Would it be a pain =
to=20
> administer? Probably, but I'll bet it could be made to work.
High value concentrated applications are relatively easy things to get
high quality time to.
it's all the consumer electronics devices and everything that uses
ssl/tls that needs access to time that is a more diffuse and less
tractable problem.
joel
>=20
--3K71l9hLUA6Csm51k1UnDAqiaoU7Qnc3x
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlL+pI8ACgkQ8AA1q7Z/VrLR7ACfRSMMOqLEPBE4Gaf+UJ6PfIel
S8sAn3dnW5YpJ0EBsg7sWYD1SzSZXD+0
=rd5K
-----END PGP SIGNATURE-----
--3K71l9hLUA6Csm51k1UnDAqiaoU7Qnc3x--
