[169392] in North American Network Operators' Group


Re: The somewhat illegal fix for NTP attacks

daemon@ATHENA.MIT.EDU (Jimmy Hess)
Sat Feb 22 16:09:58 2014

In-Reply-To: <20140222124128.GA24205@gsp.org>
From: Jimmy Hess <mysidia@gmail.com>
Date: Sat, 22 Feb 2014 15:09:06 -0600
To: Rich Kulawiec <rsk@gsp.org>
Cc: NANOG list <nanog@nanog.org>

On Sat, Feb 22, 2014 at 6:41 AM, Rich Kulawiec <rsk@gsp.org> wrote:

Perhaps you would rather publish a blacklist of "/24s containing NTP
servers open to MONLIST" over UDP port 123, similar to the bogon feeds.

And encourage all networks to blackhole the list.

That way potential NTP reflection abuse traffic gets stuffed as close to
the source as possible.

> It's never appropriate to respond to abuse with abuse.  Not only is
> it questionable/unprofessional behavior, but -- as we've seen -- there
> is a high risk that it'll exacerbate the problem, often by targeting
> innocent third parties.
>
> I understand the frustration but this is not the way.
>
> ---rsk

--
-JH
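What "open to MONLIST" means on the wire, and what feeding the responders into /24s looks like, as an added example that is not part of the thread or of any NANOG tool. It builds the 8-byte NTP mode 7 MON_GETLIST_1 probe that monlist scanners send to UDP/123, parses a reply according to the `req_pkt` / `info_monitor_1` layout in ntpd's `ntp_request.h` (a responder that answers with err 0 and entries is open; err 4, INFO_ERR_NODATA, means monitoring is disabled), computes the bytes-out-per-byte-in ratio that makes this a reflection vector, and collapses responder addresses into /24 prefixes. The two reply datagrams and the addresses in them are constructed here, not captured; the code never opens a socket, and sending the probe to hosts you are not authorised to test is scanning.

```python
"""NTP mode 7 MON_GETLIST_1 probe builder, reply parser, and /24 aggregation.
Added example; not from the NANOG thread. Field layout follows ntp_request.h
(struct req_pkt / struct info_monitor_1). Sample replies are constructed."""
import ipaddress
import struct

NTP_VERSION = 2          # ntpdc sends version 2 in mode 7 packets
MODE_PRIVATE = 7         # mode 7 = private/implementation-specific (ntpdc)
IMPL_XNTPD = 3           # implementation number for ntpd
REQ_MON_GETLIST_1 = 42   # the "monlist" request code
MONLIST_ENTRY_SIZE = 72  # sizeof(struct info_monitor_1)
ERR_NODATA = 4           # INFO_ERR_NODATA: monitor data disabled/unavailable


def build_monlist_probe() -> bytes:
    """Return the 8-byte request a monlist scanner sends to UDP/123.
    Byte 0 packs R=0, M=0, VN=2, Mode=7 -> 0x17; byte 1 is auth=0/seq=0;
    bytes 4-7 (err/count and mbz/size) are zero in a request."""
    first = (NTP_VERSION << 3) | MODE_PRIVATE
    return bytes([first, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0, 0, 0])


def parse_monlist_response(pkt: bytes) -> dict:
    """Parse one mode 7 reply datagram into {'more', 'seq', 'err', 'entries'},
    entries being (client_ip, server_ip, packet_count). A full monlist spans
    several datagrams: 'more' is set on all but the last, 'seq' increments.
    Raises ValueError if the datagram is not a well-formed MON_GETLIST_1 reply."""
    if len(pkt) < 8:
        raise ValueError("short mode 7 header")
    b0, b1, impl, req, err_count, mbz_size = struct.unpack("!BBBBHH", pkt[:8])
    if not (b0 & 0x80) or (b0 & 0x07) != MODE_PRIVATE:
        raise ValueError("not a mode 7 response")
    if impl != IMPL_XNTPD or req != REQ_MON_GETLIST_1:
        raise ValueError("not a MON_GETLIST_1 reply")
    result = {"more": bool(b0 & 0x40), "seq": b1 & 0x7F,
              "err": err_count >> 12, "entries": []}
    if result["err"] != 0:
        return result                       # e.g. ERR_NODATA: monitor disabled
    count, size = err_count & 0x0FFF, mbz_size & 0x0FFF
    if size != MONLIST_ENTRY_SIZE:
        raise ValueError(f"unexpected item size {size}")
    body = pkt[8:]
    if len(body) < count * size:
        raise ValueError("truncated entry data")
    for i in range(count):
        item = body[i * size:(i + 1) * size]
        (_last, _first, _restr, cnt, addr, daddr, _flags, _port, _mode, _ver,
         v6_flag, _unused, addr6, daddr6) = struct.unpack("!IIIIIIIHBBII16s16s", item)
        if v6_flag:
            client, server = ipaddress.IPv6Address(addr6), ipaddress.IPv6Address(daddr6)
        else:
            client, server = ipaddress.IPv4Address(addr), ipaddress.IPv4Address(daddr)
        result["entries"].append((str(client), str(server), cnt))
    return result


def amplification_factor(reply_sizes, probe_size: int = 8) -> float:
    """Bytes returned per byte sent: total reply bytes over the probe size."""
    return sum(reply_sizes) / probe_size


def blackhole_prefixes(open_servers) -> list:
    """Collapse responder IPs into the /24s the post proposes publishing as a
    feed. Note that a /24 also covers every neighbour of the open server."""
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in open_servers}
    return [str(n) for n in sorted(nets)]


# --- constructed sample replies (not real captures) --------------------------
def _entry(client: str, server: str, count: int) -> bytes:
    """One info_monitor_1 item: IPv4 client/server, last packet mode 3/version 4."""
    return struct.pack("!IIIIIIIHBBII16s16s", 5, 100, 0, count,
                       int(ipaddress.IPv4Address(client)),
                       int(ipaddress.IPv4Address(server)),
                       0, 123, 3, 4, 0, 0, b"\0" * 16, b"\0" * 16)

SAMPLE_OPEN_REPLY = (struct.pack("!BBBBHH", 0x80 | 0x17, 0, IMPL_XNTPD,
                                 REQ_MON_GETLIST_1, 2, MONLIST_ENTRY_SIZE)
                     + _entry("192.0.2.10", "198.51.100.5", 40)
                     + _entry("203.0.113.7", "198.51.100.5", 3))
SAMPLE_NODATA_REPLY = struct.pack("!BBBBHH", 0x80 | 0x17, 0, IMPL_XNTPD,
                                  REQ_MON_GETLIST_1, ERR_NODATA << 12, 0)

if __name__ == "__main__":
    print(build_monlist_probe().hex())
    print(parse_monlist_response(SAMPLE_OPEN_REPLY)["entries"])
    print("err", parse_monlist_response(SAMPLE_NODATA_REPLY)["err"])
    print("amplification", amplification_factor([len(SAMPLE_OPEN_REPLY)]))
    print(blackhole_prefixes(["198.51.100.5", "198.51.100.200", "192.0.2.44"]))
```

A real open responder returns up to 600 entries across many 440-byte datagrams for the one 8-byte probe, which is why the per-datagram ratio computed here understates the total; a server restricted with `noquery` drops the probe silently rather than answering with an error, so "no reply" and "not open" are the same observation from outside.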