[169447] in North American Network Operators' Group
Re: Filter NTP traffic by packet size?
daemon@ATHENA.MIT.EDU (Frank Habicht)
Thu Feb 27 00:47:27 2014
Date: Thu, 27 Feb 2014 08:46:48 +0300
From: Frank Habicht <geier@geier.ne.tz>
To: nanog@nanog.org
In-Reply-To: <m2mwhdi1k4.wl%randy@psg.com>

On 2/27/2014 8:09 AM, Randy Bush wrote:
>> I only ran the scan once, but had ~130k devices respond.
>
> is there any modern utility in chargen?

I know of none, maybe I'm too young.
So we could conclude we don't need that service running.

But some folk use ports for services other than the intended -
like tcp:443 for VPN ;-)

So if we can get enough abusable end-systems fixed (hope so *),
and we get enough source address validation (bcp38) to reduce sources of
badness (hope so *),
then the network won't need to block that port and
someone can make inventive use of it ;-)

(*) and working on it.

Frank

PS:
- seems something going on already, had one outside complain about traffic
  from our IP udp:19
- better start scanning proactively