nanog mailing list archives
Re: Filter NTP traffic by packet size?
From: Ray Soucy <rps () maine edu>
Date: Mon, 24 Feb 2014 09:23:30 -0500
We have had pretty good success in identifying offenders with simple monitoring flow data for NTP flows destined for our address space with packet counts higher than 100; we disable them and notify to correct the configuration on the host. Granted we only service about 1,000 different customers. In cases where a large amount of incoming traffic was generated, we have been able to temporarily blackhole offenders to not saturate smaller downstream connections until traffic levels die down; unfortunately it takes a few days for that to happen, and many service providers outside the US don't seem to be very responsive to their published abuse address. I prefer targeted, temporary, and communicated filtering for actual incidents over blanket filtering for potential incidents. On Sun, Feb 23, 2014 at 7:35 PM, Randy Bush <randy () psg com> wrote:
Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?i have talked to fiber providers and they have refused to take action. perhaps if requests came from hundreds of the unclued zombies they would take it seriously. randy
-- Ray Patrick Soucy Network Engineer University of Maine System T: 207-561-3526 F: 207-561-3531 MaineREN, Maine's Research and Education Network www.maineren.net
Current thread:
- Re: Filter NTP traffic by packet size?, (continued)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? George William Herbert (Feb 23)
- Re: Filter NTP traffic by packet size? Royce Williams (Feb 23)
- Re: Filter NTP traffic by packet size? Royce Williams (Feb 23)
- Re: Filter NTP traffic by packet size? joel jaeggli (Feb 23)
- RE: Filter NTP traffic by packet size? James Braunegg (Feb 23)
- Re: Filter NTP traffic by packet size? sjt5atra (Feb 24)
- Re: Filter NTP traffic by packet size? Jérôme Nicolle (Feb 28)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? Randy Bush (Feb 23)
- Re: Filter NTP traffic by packet size? Ray Soucy (Feb 24)
- Re: Filter NTP traffic by packet size? Blake Hudson (Feb 25)
- RE: Filter NTP traffic by packet size? Staudinger, Malcolm (Feb 25)
- Re: Filter NTP traffic by packet size? Nick Hilliard (Feb 25)
- Re: Filter NTP traffic by packet size? Blake Hudson (Feb 25)
- Re: Filter NTP traffic by packet size? Keegan Holley (Feb 26)
- Re: Filter NTP traffic by packet size? Brandon Galbraith (Feb 26)
- Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Jay Ashworth (Feb 26)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Keegan Holley (Feb 27)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Ray Soucy (Feb 28)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Jay Ashworth (Feb 28)