nanog mailing list archives

Re: TWC (AS11351) blocking all NTP?


From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Mon, 3 Feb 2014 10:52:29 +0100

On Sun, Feb 02, 2014 at 02:49:49PM -0800,
 Matthew Petach <mpetach () netflight com> wrote 
 a message of 49 lines which said:

> If NTP responded to a single query with a single equivalently sized
> response, its effectiveness as a DDoS attack would be zero; with
> zero amplification, the volume of attack traffic would be exactly
> equivalent to the volume of spoofed traffic the originator could
> send out in the first place.

It is a bit more complicated. Reflection with amplification is
certainly much less useful for an attacker but it still has some
advantages: the attack traffic coming to the victim's AS will be
distributed differently (entering via different peers), making
tracking the attacker through NetFlow/IPFIX more difficult.


