nanog mailing list archives

Re: TWC (AS11351) blocking all NTP?


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Mon, 3 Feb 2014 07:08:25 +0000


On Feb 3, 2014, at 1:54 PM, Michael DeMan <nanog () deman com> wrote:

> I certainly would not want to provide as part of the AUP (as seller or buyer), a policy that fundamentals like NTP are 
> 'blocked' to customers.  Seems like too much of a slippery slope for my taste.

The idea is to block traffic to misconfigured ntpds on broadband customer access networks, not to limit their choice of 
which ntp servers to use.

> In regards to anti-spoofing measures - I think there are a couple of vectors about the latest NTP attack where more 
> rigorous client-side anti-spoofing could help but will not solve it overall.

Rigorous antispoofing would solve the problem of all reflection/amplification DDoS attacks.  My hunch is that most 
spoofed traffic involved in these attacks actually emanates from compromised/abused servers on IDC networks (including 
so-called 'bulletproof' miscreant-friendly networks), but I've no data to support that, yet.

> Trying to be fair and practical (from my perspective) - it is a lot easier and quicker to patch/workaround IPv4 
> problems and address proper solutions via IPv6 and associated RFCs?

There's nothing in IPv6 which makes any difference.  The ultimate solution is antispoofing at the customer edge.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton


