nanog mailing list archives
Re: TWC (AS11351) blocking all NTP?
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Mon, 3 Feb 2014 06:02:18 +0000
On Feb 3, 2014, at 12:45 PM, Michael DeMan <nanog () deman com> wrote:
From a provider point of view, given the choices between contacting the end-users vs. mitigating the problem, if I were in TW position if I was unable to immediately contact the numerous downstream customers that were affected by this, I would take the option to block NTP on a case-by-case basis (perhaps even taking a broad brush) rather than allow it to continue and cause disruptions elsewhere.
Per my previous post in this thread, there are ways to do this without blocking client access to ntp servers; in point of fact, unless the ISP in question isn't performing antispoofing at their customer aggregation edge, blocking client access to ntp servers does nothing to address (pardon the pun) the issue of ntp reflection/amplification DDoS attacks. All that broadband access operators need to do is to a) enforce antispoofing as close to their customers as possible, and b) enforce their AUPs (most broadband operators prohibit operating servers) by blocking *inbound* UDP/123 traffic towards their customers at the customer aggregation edge (same for DNS, chargen, and SNMP). ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- TWC (AS11351) blocking all NTP? Jonathan Towne (Feb 01)
- Re: TWC (AS11351) blocking all NTP? Paul Ferguson (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Jonathan Towne (Feb 02)
- Re: TWC (AS11351) blocking all NTP? John Levine (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Michael DeMan (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Michael DeMan (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 02)
- Re: TWC (AS11351) blocking all NTP? John Kristoff (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 03)
- Re: TWC (AS11351) blocking all NTP? John Levine (Feb 02)
- Re: TWC (AS11351) blocking all NTP? John Levine (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Valdis . Kletnieks (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Livingood, Jason (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Jared Mauch (Feb 03)