Re: TWC (AS11351) blocking all NTP?

[Joel M Snyder <Joel.Snyder () Opus1 COM>]

> It seems thata hosts sending large amounts of NTP traffic over the
> public Internet can be safely filtered if you don't already know that
> it's one of the handful that's in the ntp.org pools or another well
> known NTP master.

Speaking as one of the 3841 servers in the pool.ntp.org pool, I'm happy 
to be described as a "handful," something my mother used to say, but I 
do feel obligated to point out that it's a pretty big handful especially 
if you want to be fiddling ACLs on an hourly basis which is pretty much 
what it takes.

And, of course, if you're one of that handful, then you've pretty much 
got to allow that NTP traffic in, although you're also probably, 
hopefully, clue-full enough not to let random hosts make you a DDoS 
accelerator.

(the other) jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms () Opus1 COM                http://www.opus1.com/jms