[169398] in North American Network Operators' Group
Re: Filter NTP traffic by packet size?
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Sun Feb 23 10:15:16 2014
Date: Sun, 23 Feb 2014 16:14:52 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Chris Laffin <claffin@peer1.com>
In-Reply-To: <4270A893-343F-437D-861C-2002046EFBFE@exchange.peer1.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, 23 Feb 2014, Chris Laffin wrote:
> Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?
If only there was more focus on the BCP38 offenders who are the real root
cause of this problem, I would be more happy.
I would be more impressed if the IXes would start to use their sFlow
capabilities to find out what IX ports the NTP queries are coming to
backtrace the traffic to the BCP38 offendors than try to block the NTP
packets resulting from these src address forged queries.
--
Mikael Abrahamsson email: swmike@swm.pp.se
