nanog mailing list archives

Re: Filter NTP traffic by packet size?


From: Nick Hilliard <nick () foobar org>
Date: Sat, 22 Feb 2014 15:06:32 +0000

On 22/02/2014 09:07, Cb B wrote:
> Summary IETF response:  The problem I described is already solved by
> bcp38, nothing to see here, carry on with UDP

udp is here to stay.  Denying this is no more useful than trying to push
the tide back with a teaspoon.

It's worth bearing in mind that any open tcp service will send out several
acks before giving up.  In other words, any standard open tcp socket will
provide a level of amplification worth using even if UDP were to be
switched off tomorrow.  Sure, not as good as the 230x amplification that
ntp monlist will give, but it's still a problem.

In the long term, it would be more useful to spend time and effort building
automated tools to track down the sources of the spoofed packets than
trying to deprecate UDP.

Nick
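The two reflection patterns Nick contrasts above (a single small NTP monlist request answered by many large responses, and a single spoofed SYN answered by repeated SYN-ACK retransmissions) can both be spotted at the reflector from flow records. The following detection script is an added example and is not from the thread or any NANOG participant; the flow records are constructed, the field layout is an assumption rather than any exporter's real format, and the "initial SYN-ACK plus five retries" count is assumed for illustration.

```python
"""Flag amplification patterns in flow records (constructed example).

Two reflection patterns from the thread:
  * UDP NTP monlist: one small request in, many large responses out
    (byte ratio in the hundreds)
  * TCP SYN-ACK retries: one spoofed SYN in, several SYN-ACKs out to a
    "client" that never completes the handshake (packet ratio > 1)
The flow record layout below is an assumption for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str        # "udp" or "tcp"
    sport: int
    dport: int
    packets: int
    octets: int
    flags: str = ""   # TCP flags seen in the flow, e.g. "S", "SA", "SAP"


# Constructed sample records. 198.51.100.7 is the victim: it never sent these
# packets itself, its address was spoofed by the attacker.
SAMPLE_FLOWS = [
    # NTP monlist reflection: 1 x 234-byte request in, 100 x 482-byte responses out
    Flow("198.51.100.7", "203.0.113.10", "udp", 50000, 123, 1, 234),
    Flow("203.0.113.10", "198.51.100.7", "udp", 123, 50000, 100, 48200),
    # TCP SYN reflection: 1 spoofed SYN in, 6 SYN-ACKs out (initial + 5 retries, assumed)
    Flow("198.51.100.7", "203.0.113.20", "tcp", 40001, 80, 1, 60, "S"),
    Flow("203.0.113.20", "198.51.100.7", "tcp", 80, 40001, 6, 360, "SA"),
    # Benign HTTP exchange: handshake completes and the client sends data
    Flow("192.0.2.5", "203.0.113.20", "tcp", 40002, 80, 8, 900, "SAP"),
    Flow("203.0.113.20", "192.0.2.5", "tcp", 80, 40002, 7, 5400, "SAP"),
    # Benign NTP client: one request, one response of the same size
    Flow("192.0.2.6", "203.0.113.10", "udp", 50001, 123, 1, 90),
    Flow("203.0.113.10", "192.0.2.6", "udp", 123, 50001, 1, 90),
]


def pair_flows(flows):
    """Join each request flow (low destination port = service) with its reverse flow."""
    by_key = {(f.src, f.dst, f.proto, f.sport, f.dport): f for f in flows}
    pairs = []
    for f in flows:
        if f.dport >= f.sport:          # only consider the client -> service direction
            continue
        rev = by_key.get((f.dst, f.src, f.proto, f.dport, f.sport))
        if rev is not None:
            pairs.append((f, rev))
    return pairs


def amplification_report(flows, byte_ratio_threshold=10.0):
    """Return (responder, proto, port, kind, ratio) tuples for suspicious exchanges.

    UDP services are judged on bytes out per byte in; TCP services on the
    SYN-only client whose SYN-ACK was retransmitted, since a completed
    handshake would show more than a bare "S" on the client side.
    """
    findings = []
    for req, resp in pair_flows(flows):
        byte_ratio = resp.octets / req.octets
        pkt_ratio = resp.packets / req.packets
        if req.proto == "udp" and byte_ratio >= byte_ratio_threshold:
            findings.append((resp.src, "udp", resp.sport,
                             "udp-amplification", round(byte_ratio, 1)))
        elif (req.proto == "tcp" and req.flags == "S"
              and resp.flags == "SA" and resp.packets > 1):
            findings.append((resp.src, "tcp", resp.sport,
                             "synack-retransmit", round(pkt_ratio, 1)))
    return findings


if __name__ == "__main__":
    for responder, proto, port, kind, ratio in amplification_report(SAMPLE_FLOWS):
        print(f"{responder} {proto}/{port}: {kind}, ratio {ratio}x")
```

On the constructed data the NTP reflector shows a byte ratio of about 206x, while the TCP listener shows a 6x packet ratio with no client data at all; the benign HTTP and NTP exchanges are not reported. A real deployment would read the exporter's own record format and tune the byte threshold per service, but the two signatures (large UDP byte ratio, SYN-only client with repeated SYN-ACKs) are the ones the thread describes.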
