nanog mailing list archives

Re: Filter NTP traffic by packet size?

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Fri, 21 Feb 2014 03:08:16 +0000


On Feb 21, 2014, at 9:55 AM, Dobbins, Roland <rdobbins () arbor net> wrote:

Filtering out packets this size from UDP/anything to UDP/123 allows time-sync requests and responses to work, but 
squelches both the level-6/-7 commands used to trigger amplification as well as amplified attack traffic.


That should read, filtering out packets **** NOT **** that size.

Lack of sleep, apologies.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton

Current thread:

Re: Filter on IXP, (continued)
- - - Re: Filter on IXP Jérôme Nicolle (Feb 28)
    - Re: Filter on IXP Nick Hilliard (Feb 28)
    - Re: Filter on IXP Patrick W. Gilmore (Feb 28)
    - Re: Filter on IXP Jérôme Nicolle (Feb 28)
    - Re: Filter NTP traffic by packet size? Saku Ytti (Feb 22)
- Re: Filter NTP traffic by packet size? Laszlo Hanyecz (Feb 20)
  - Re: Filter NTP traffic by packet size? James R Cutler (Feb 20)
- Re: Filter NTP traffic by packet size? Phil Bedard (Feb 20)
- Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
  - Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
  - Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
  - Re: Filter NTP traffic by packet size? Harlan Stenn (Feb 21)
    - Re: Filter NTP traffic by packet size? Dobbins, Roland (Feb 20)
- RE: Filter NTP traffic by packet size? Phil Bedard (Feb 23)
- Re: Filter NTP traffic by packet size? Brandon Butterworth (Feb 23)
- Re: Filter NTP traffic by packet size? Harry Hoffman (Feb 26)