nanog mailing list archives
Re: ddos attack blog
From: joel jaeggli <joelja () bogus com>
Date: Fri, 14 Feb 2014 15:19:42 -0800
On 2/14/14, 3:00 PM, Hal Murray wrote:
I was being a bit extreme, I don't expect UDP to be blocked and there are valid uses for NTP and it needs to pass. Can you imagine the trading servers not having access to NTP?Sure. They could setup internal NTP servers listening to GPS. Would it be as good overall as using external servers? Probably not, but it might be good enough. I doubt if it would be very high on any trading floors list of nasty problems. They could arrange to poke holes through the generic UDP block - whitelist the few known cases where UDP traffic is expected. Would it be a pain to administer? Probably, but I'll bet it could be made to work.
High value concentrated applications are relatively easy things to get high quality time to. it's all the consumer electronics devices and everything that uses ssl/tls that needs access to time that is a more diffuse and less tractable problem. joel
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: ddos attack blog, (continued)
- Re: ddos attack blog Mark Tinka (Feb 14)
- Re: ddos attack blog Wayne E Bouchard (Feb 14)
- Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Joe Provo (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Jeff Kell (Feb 14)
- Message not available
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Larry Sheldon (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: ddos attack blog John (Feb 14)
- Re: ddos attack blog joel jaeggli (Feb 14)