[169362] in North American Network Operators' Group
Re: Filter NTP traffic by packet size?
daemon@ATHENA.MIT.EDU (Damian Menscher)
Fri Feb 21 16:30:49 2014
In-Reply-To: <CAD6AjGTfkjPJWQQpqvaUbiuOikWG=LEnw1o0=gaOm4_eUBGwNA@mail.gmail.com>
From: Damian Menscher <damian@google.com>
Date: Fri, 21 Feb 2014 13:30:05 -0800
To: Cb B <cb.list6@gmail.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
On Fri, Feb 21, 2014 at 1:22 PM, Cb B <cb.list6@gmail.com> wrote:
> On Thu, Feb 20, 2014 at 2:12 PM, Damian Menscher <damian@google.com> wrote:
> > On Thu, Feb 20, 2014 at 1:03 PM, Jared Mauch <jared@puck.nether.net> wrote:
> >> You may also want to look at filtering UDP/80 outright as well, as that is
> >> commonly used as an "I'm going to attack port 80" by attackers that don't
> >> quite understand the difference between UDP and TCP.
> >
> > Please don't filter UDP/80. It's used by QUIC
> > (http://en.wikipedia.org/wiki/QUIC).
>
> The folks at QUIC have been advised to not use UDP for a new protocol,
> and they would be very well advised to not use UDP:80 since that is a
> well known target port used in the DDoS reflection attacks.
>
Please suggest which protocol has less blocking on the internet today
(keeping in mind the full end-to-end stack of CPE, various ISPs,
country-level proxies, backbone providers, etc).
Damian