[169397] in North American Network Operators' Group
Re: Filter NTP traffic by packet size?
daemon@ATHENA.MIT.EDU (Chris Laffin)
Sun Feb 23 09:59:18 2014
From: Chris Laffin <claffin@peer1.com>
To: Peter Phaal <peter.phaal@gmail.com>, "nanog@nanog.org list"
<nanog@nanog.org>
Date: Sun, 23 Feb 2014 14:58:36 +0000
In-Reply-To: <CAB8g2zyrKupk6uBjFj-7UcbDp0v8y1wh=FEjuqxOsTY4h1EiJw@mail.gmail.com>
X-MAIL-FROM: <claffin@peer1.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Ive talked to some major peering exchanges and they refuse to take any acti=
on. Possibly if the requests come from many peering participants it will be=
taken more seriously?
> On Feb 22, 2014, at 19:23, "Peter Phaal" <peter.phaal@gmail.com> wrote:
>=20
> Brocade demonstrated how peering exchanges can selectively filter
> large NTP reflection flows using the sFlow monitoring and hybrid port
> OpenFlow capabilities of their MLXe switches at last week's Network
> Field Day event.
>=20
> http://blog.sflow.com/2014/02/nfd7-real-time-sdn-and-nfv-analytics_1986.h=
tml
>=20
>> On Sat, Feb 22, 2014 at 4:43 PM, Chris Laffin <claffin@peer1.com> wrote:
>> Has anyone talked about policing ntp everywhere. Normal traffic levels a=
re extremely low but the ddos traffic is very high. It would be really cool=
if peering exchanges could police ntp on their connected members.
>>=20
>>> On Feb 22, 2014, at 8:05, "Paul Ferguson" <fergdawgster@mykolab.com> wr=
ote:
>>>=20
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>=20
>>>>> On 2/22/2014 7:06 AM, Nick Hilliard wrote:
>>>>>=20
>>>>> On 22/02/2014 09:07, Cb B wrote:
>>>>> Summary IETF response: The problem i described is already solved
>>>>> by bcp38, nothing to see here, carry on with UDP
>>>>=20
>>>> udp is here to stay. Denying this is no more useful than trying to
>>>> push the tide back with a teaspoon.
>>>=20
>>> Yes, udp is here to stay, and I quote Randy Bush on this, "I encourage
>>> my competitors to block udp." :-p
>>>=20
>>> - - ferg
>>>=20
>>>=20
>>> - --
>>> Paul Ferguson
>>> VP Threat Intelligence, IID
>>> PGP Public Key ID: 0x54DC85B2
>>>=20
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2.0.22 (MingW32)
>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>>=20
>>> iF4EAREIAAYFAlMIynoACgkQKJasdVTchbJsqQD/ZVz5vYaIAEv/z2kbU6kEM+KS
>>> OQx2XcSkU7r02wNDytoBANVkgZQalF40vhQED+6KyKv7xL1VfxQg1W8T4drh+6/M
>>> =3DFTxg
>>> -----END PGP SIGNATURE-----
>>=20
