[169325] in North American Network Operators' Group


Re: Filter NTP traffic by packet size?

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Feb 20 22:00:51 2014

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Fri, 21 Feb 2014 03:00:27 +0000
In-Reply-To: <6684E49C-E47B-49EF-B167-4467F445AD33@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 21, 2014, at 9:55 AM, Dobbins, Roland <rdobbins@arbor.net> wrote:

> Filtering out packets this size from UDP/anything to UDP/123 allows
> time-sync requests and responses to work, but squelches both the
> level-6/-7 commands used to trigger amplification as well as amplified
> attack traffic.

Also, the reverse - UDP/123 - UDP/anything, for the amplified attack traffic.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
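
The size-match filter described in this message, evaluated in one direction and in both, as an added example that is not part of the original post. The drop length is a constructed placeholder because the message does not state the size; the 48-byte time-sync length is the basic NTP header from RFC 5905, and the sample packets and ports are constructed.

```python
NTP_PORT = 123
TIMESYNC_LEN = 48            # basic NTP header (RFC 5905), no extensions or MAC
PLACEHOLDER_DROP_LEN = 440   # CONSTRUCTED placeholder: the message gives no size


def make_payload(mode, length, version=4):
    """Constructed UDP payload: LI=0, version and mode in byte 0, zero padding."""
    return bytes([(version << 3) | mode]) + bytes(length - 1)


def ntp_mode(payload):
    """NTP mode is the low three bits of the first payload byte."""
    return payload[0] & 0x07


def drops(pkt, drop_len, both_directions=True):
    """True if the size-match filter would drop this (src, dst, payload) packet."""
    src, dst, payload = pkt
    if len(payload) != drop_len:
        return False
    if dst == NTP_PORT:                           # UDP/anything -> UDP/123
        return True
    return both_directions and src == NTP_PORT    # UDP/123 -> UDP/anything


def evaluate(packets, drop_len, both_directions=True):
    """Return (src, dst, mode, length, verdict) for each packet."""
    return [
        (src, dst, ntp_mode(p), len(p),
         "drop" if drops((src, dst, p), drop_len, both_directions) else "pass")
        for src, dst, p in packets
    ]


# Constructed sample traffic: (source port, destination port, UDP payload)
SAMPLE = [
    (40000, NTP_PORT, make_payload(3, TIMESYNC_LEN)),             # client request
    (NTP_PORT, 40000, make_payload(4, TIMESYNC_LEN)),             # server reply
    (50000, NTP_PORT, make_payload(7, PLACEHOLDER_DROP_LEN, 2)),  # mode 7 toward a server
    (NTP_PORT, 80, make_payload(7, PLACEHOLDER_DROP_LEN, 2)),     # mode 7 from a server
]

if __name__ == "__main__":
    for label, both in (("to UDP/123 only", False), ("both directions", True)):
        print(label)
        for row in evaluate(SAMPLE, PLACEHOLDER_DROP_LEN, both):
            print("  src=%d dst=%d mode=%d len=%d -> %s" % row)
```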


