nanog mailing list archives

Re: Filter NTP traffic by packet size?


From: Damian Menscher <damian () google com>
Date: Fri, 21 Feb 2014 13:30:05 -0800

On Fri, Feb 21, 2014 at 1:22 PM, Cb B <cb.list6 () gmail com> wrote:

> On Thu, Feb 20, 2014 at 2:12 PM, Damian Menscher <damian () google com> wrote:
>> On Thu, Feb 20, 2014 at 1:03 PM, Jared Mauch <jared () puck nether net> wrote:
>>> You may also want to look at filtering UDP/80 outright as well, as that is
>>> commonly used as an "I'm going to attack port 80" by attackers that don't
>>> quite understand the difference between UDP and TCP.
>>
>> Please don't filter UDP/80.  It's used by QUIC (http://en.wikipedia.org/wiki/QUIC).
>
> The folks at QUIC have been advised to not use UDP for a new protocol,
> and they would be very well advised to not use UDP:80 since that is a
> well known target port used in the DDoS reflection attacks.


Please suggest which protocol has less blocking on the internet today
(keeping in mind the full end-to-end stack of CPE, various ISPs,
country-level proxies, backbone providers, etc).

Damian

