nanog mailing list archives

Re: Filter NTP traffic by packet size?


From: Jared Mauch <jared () puck nether net>
Date: Wed, 26 Feb 2014 17:40:06 -0500


On Feb 26, 2014, at 5:33 PM, Valdis.Kletnieks () vt edu wrote:

> On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
>
>> Blocking chargen at the edge doesn't seem to be outside of the realm of
>> possibilities.
>
> What systems (a) still have chargen enabled and (b) are common enough to make
> it a viable DDoS vector?  Just wondering if I need to go around and find
> users of mine that need to be smacked around with a large trout....

First, if you didn't see this excellent paper, check it out:

http://www.internetsociety.org/doc/amplification-hell-revisiting-network-protocols-ddos-abuse

a) Yes - printers and other devices have it.

b) Yes.

I only ran the scan once, but had ~130k devices respond.

http://chargenscan.org/chargenip2asn.txt

- Jared


