[169439] in North American Network Operators' Group
Re: Filter NTP traffic by packet size?
daemon@ATHENA.MIT.EDU (Robert Drake)
Wed Feb 26 17:49:53 2014
Date: Wed, 26 Feb 2014 17:48:59 -0500
From: Robert Drake <rdrake@direcpath.com>
To: <nanog@nanog.org>
In-Reply-To: <20125.1393454025@turing-police.cc.vt.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2/26/2014 5:33 PM, Valdis.Kletnieks@vt.edu wrote:
> On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
>
>> Blocking chargen at the edge doesn't seem to be outside of the realm of
>> possibilities.
> What systems are (a) still have chargen enabled and (b) common enough to make
> it a viable DDoS vector? Just wondering if I need to go around and find
> users of mine that need to be smacked around with a large trout....
I would do it. I scanned all my public and private networks and found a
few. I've added it to our customer acls to stop it. There were also a
couple of internal routers that someone had turned or left it on that
were missed. Those are now fixed.
nmap -T4 -oG chargen_scan.txt -sS -sU -p 19 <your netblocks here>
