Re: Filter NTP traffic by packet size?

[Peter Phaal <peter.phaal () gmail com>]

Brocade demonstrated how peering exchanges can selectively filter
large NTP reflection flows using the sFlow monitoring and hybrid port
OpenFlow capabilities of their MLXe switches at last week's Network
Field Day event.

http://blog.sflow.com/2014/02/nfd7-real-time-sdn-and-nfv-analytics_1986.html

On Sat, Feb 22, 2014 at 4:43 PM, Chris Laffin <claffin () peer1 com> wrote:
> Has anyone talked about policing ntp everywhere. Normal traffic levels are extremely low but the ddos traffic is very 
> high. It would be really cool if peering exchanges could police ntp on their connected members.
>
> > On Feb 22, 2014, at 8:05, "Paul Ferguson" <fergdawgster () mykolab com> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > > On 2/22/2014 7:06 AM, Nick Hilliard wrote:
> > >
> > > > On 22/02/2014 09:07, Cb B wrote:
> > > > Summary IETF response:  The problem i described is already solved
> > > > by bcp38, nothing to see here, carry on with UDP
> > >
> > > udp is here to stay.  Denying this is no more useful than trying to
> > > push the tide back with a teaspoon.
> >
> > Yes, udp is here to stay, and I quote Randy Bush on this, "I encourage
> > my competitors to block udp."  :-p
> >
> > - - ferg
> >
> >
> > - --
> > Paul Ferguson
> > VP Threat Intelligence, IID
> > PGP Public Key ID: 0x54DC85B2
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.22 (MingW32)
> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> >
> > iF4EAREIAAYFAlMIynoACgkQKJasdVTchbJsqQD/ZVz5vYaIAEv/z2kbU6kEM+KS
> > OQx2XcSkU7r02wNDytoBANVkgZQalF40vhQED+6KyKv7xL1VfxQg1W8T4drh+6/M
> > =FTxg
> > -----END PGP SIGNATURE-----