nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TWC (AS11351) blocking all NTP?

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Mon, 3 Feb 2014 04:09:39 +0000

On Feb 3, 2014, at 10:58 AM, Dobbins, Roland <rdobbins () arbor net> wrote:


I'm a big believer in using ACLs to intelligently preclude reflection/amplification abuse, but wholesale filtering of 
all UDP takes matters too far, IMHO.


I also think that restricting your users by default to your own recursive DNS servers, plus a couple of well-known, 
well-run public recursive services, is a good idea - as long as you allow your users to opt out.

This has nothing to do with DDoS, but with other types of issues.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton
Previous By Date Next
Previous By Thread Next

Current thread: