nanog mailing list archives
Re: UDP/123 policers & status
From: "Compton, Rich A" <Rich.Compton () charter com>
Date: Tue, 17 Mar 2020 16:01:05 +0000
Yes, we still see lots of UDP amplification attacks using NTP monlist. We use a filter to block UDP src 123 packets of 468 bytes in length (monlist reply with the max 6 IPs).

-Rich

On 3/17/20, 8:55 AM, "NANOG on behalf of Jared Mauch" <nanog-bounces () nanog org on behalf of jared () puck nether net> wrote:

> I’m curious what people are seeing these days on the UDP/123 policers in their networks. I know while I was at NTT we rolled some out, and there are a number of variants that have occurred over the past 6-7 years. I’ve heard from people at the NTP Pool as well as having observed some issues with NTP at Akamai and time sync from time to time.
>
> Are you still seeing a lot of NTP attacks in your flows these days? Should we be looking to remove these, similar to how we did for SQL/Slammer after a time?
>
> - Jared
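Added example, not part of the original message and not any poster's tooling: a Python sketch showing where the 468-byte figure comes from and how the length match compares with identifying a monlist reply from its NTP mode 7 header. Assumptions: IPv4 without options, the mode 7 header layout, request codes and 72-byte monlist item size from ntpd's ntp_request.h, and sample packets constructed here with zeroed item data.

```python
import struct

IP_HDR, UDP_HDR, MODE7_HDR = 20, 8, 8   # IPv4 without options, UDP, NTP mode 7 header
MONLIST_CODES = {20, 42}                # REQ_MON_GETLIST, REQ_MON_GETLIST_1 (ntp_request.h)
FILTER_LEN = 468                        # packet length quoted in the post

def ip_length(payload: bytes) -> int:
    """IPv4 total length of a UDP datagram carrying this payload."""
    return IP_HDR + UDP_HDR + len(payload)

def monlist_items(payload: bytes):
    """Item count if payload is a well-formed monlist response, else None."""
    if len(payload) < MODE7_HDR:
        return None
    b0, _seq, _impl, req, err_n, mbz_sz = struct.unpack("!BBBBHH", payload[:MODE7_HDR])
    if b0 & 0x07 != 7 or not b0 & 0x80:      # must be mode 7 with the response bit set
        return None
    if req not in MONLIST_CODES:
        return None
    nitems, itemsize = err_n & 0x0FFF, mbz_sz & 0x0FFF   # low 12 bits of each field
    if MODE7_HDR + nitems * itemsize != len(payload):    # header must agree with the size
        return None
    return nitems

def classify(src_port: int, payload: bytes) -> dict:
    """Compare the length filter from the post with header-based identification."""
    items = monlist_items(payload) if src_port == 123 else None
    return {
        "ip_len": ip_length(payload),
        "hits_length_filter": src_port == 123 and ip_length(payload) == FILTER_LEN,
        "monlist_items": items,
    }

def mode7_reply(nitems: int, itemsize: int = 72, req: int = 42) -> bytes:
    """Constructed sample: mode 7 response header followed by zeroed items."""
    hdr = struct.pack("!BBBBHH", 0x80 | (2 << 3) | 7, 0, 3, req, nitems, itemsize)
    return hdr + bytes(nitems * itemsize)

TIME_REPLY = bytes([0x24]) + bytes(47)   # constructed 48-byte mode 4 (server) reply

if __name__ == "__main__":
    for name, p in [("full monlist", mode7_reply(6)),
                    ("short monlist", mode7_reply(2)),
                    ("time reply", TIME_REPLY)]:
        print(name, classify(123, p))
```

A full reply is 8 + 6 × 72 = 440 bytes of UDP payload, which is 468 bytes on the wire, while an ordinary 48-byte time reply is 76 bytes and does not match the length filter. A reply carrying fewer than six entries is also a different length, so it is only identified by the header check.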