[169430] in North American Network Operators' Group


Re: Filter NTP traffic by packet size?

daemon@ATHENA.MIT.EDU (Blake Hudson)
Tue Feb 25 15:10:32 2014

Date: Tue, 25 Feb 2014 14:09:38 -0600
From: Blake Hudson <blake@ispn.net>
To: nanog@nanog.org
In-Reply-To: <d0225d3a502a436e9bbb22d75c219aad@EDGMBXV06.marvel.elnk.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

As an ISP in the USA, we try to follow the FCC's guidelines on a policy
of non-blocking. Not just because the FCC says so, but because we think
it's in our and our customers' best interests. We don't dictate what our
customers can do with their internet connection as long as they're not
breaking the law or negatively affecting the service for others.

--Blake


Staudinger, Malcolm wrote the following on 2/25/2014 11:22 AM:
> Why wouldn't you just block chargen entirely? Is it actually still being used these days for anything legitimate?
>
> Malcolm Staudinger
> Information Security Analyst | EIS
> EarthLink
>
> E: mstaudinger@corp.earthlink.com
>
> -----Original Message-----
> From: Blake Hudson [mailto:blake@ispn.net]
> Sent: Tuesday, February 25, 2014 8:58 AM
> To: nanog@nanog.org
> Subject: Re: Filter NTP traffic by packet size?
>
> I talked to one of our upstream IP transit providers and was able to negotiate individual policing levels on NTP, DNS, SNMP, and Chargen by UDP port within our aggregate policer. As mentioned, the legitimate traffic levels of these services are near 0. We gave each service many times the amount to satisfy subscribers, but not enough to overwhelm network links during an attack.
>
> --Blake
>


