nanog mailing list archives
Re: Filter NTP traffic by packet size?
From: George William Herbert <george.herbert () gmail com>
Date: Sun, 23 Feb 2014 10:36:42 -0800
On Feb 23, 2014, at 9:50 AM, Lukasz Bromirski <lukasz () bromirski net> wrote:
To do some additional checks would require extensive testing, platforms capable of doing this in predictable manner (stability, performance) and obviously - a lot more work than it costs today.
What are the costs and stability impacts of the DDOS that are running now? Everyone is asserting it's someone else's problem. Which in a sense it is. But what goes around will come around. If you are not BCP 38 you are sourcing problems. If you are transiting or IXPing someone who isn't BCP 38 you are enabling problems. Is what we are doing now good enough? Probably not. It would take fewer IXP and transit providers adding analysis capability to backtrack than endpoints. So the enablers are more capable of effecting change. They are less to blame in the first place, but not blameless. To assert blamelessness is a form of Tragedy of the Commons. If it's crossing your link or switch, you ARE in the responsibility chain. The last thing I would like to see is large orgs starting to retreat away from open interconnect because of DDOS coming in from less well managed parts of the net. Perhaps BCP 38 implementation will rise fast enough that these things will not become real, but we have been hearing that for 15 plus years now... At some point, the "38 will work by itself!" line approaches "Look at the Emperors' fine new clothes!". -george william herbert george.herbert () gmail com Sent from Kangphone
Current thread:
- Re: Filter NTP traffic by packet size?, (continued)
- Re: Filter NTP traffic by packet size? Nick Hilliard (Feb 22)
- Re: Filter NTP traffic by packet size? Paul Ferguson (Feb 22)
- Re: Filter NTP traffic by packet size? Chris Laffin (Feb 22)
- Re: Filter NTP traffic by packet size? Peter Phaal (Feb 22)
- Re: Filter NTP traffic by packet size? Chris Laffin (Feb 23)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? Peter Phaal (Feb 23)
- Re: Filter NTP traffic by packet size? sthaug (Feb 23)
- Re: Filter NTP traffic by packet size? Lukasz Bromirski (Feb 23)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? George William Herbert (Feb 23)
- Re: Filter NTP traffic by packet size? Royce Williams (Feb 23)
- Re: Filter NTP traffic by packet size? Royce Williams (Feb 23)
- Re: Filter NTP traffic by packet size? joel jaeggli (Feb 23)
- RE: Filter NTP traffic by packet size? James Braunegg (Feb 23)
- Re: Filter NTP traffic by packet size? sjt5atra (Feb 24)
- Re: Filter NTP traffic by packet size? Jérôme Nicolle (Feb 28)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? Randy Bush (Feb 23)
- Re: Filter NTP traffic by packet size? Ray Soucy (Feb 24)
- Re: Filter NTP traffic by packet size? Blake Hudson (Feb 25)