nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TWC (AS11351) blocking all NTP?

From: Jay Ashworth <jra () baylink com>
Date: Tue, 4 Feb 2014 00:52:48 -0500 (EST)
----- Original Message -----

From: "Glen Turner" <gdt () gdt id au>



On 4 Feb 2014, at 9:28 am, Christopher Morrow
<morrowc.lists () gmail com> wrote:


wait, so the whole of the thread is about stopping participants in
the attack, and you're suggesting that removing/changing end-system
switch/routing gear and doing something more complex than:
 deny udp any 123 any
 deny udp any 123 any 123
 permit ip any any


Which just pushes NTP to some other port, making control harder. We’ve
already pushed all ‘interesting' traffic to port 80 on TCP, which has
made traffic control very expensive. Let’s not repeat that history.


"Those who do not understand the Internet are condemned to reinvent it.
 Poorly."

-- after henry@utzoo, though he was talking about Unix, and I am generally
    looking at Tapatalk and talking about Usenet.

Cheers,
-- jra

-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
Previous By Date Next
Previous By Thread Next

Current thread: