nanog mailing list archives
Re: Filter NTP traffic by packet size?
From: Blake Hudson <blake () ispn net>
Date: Tue, 25 Feb 2014 14:09:38 -0600
As an ISP in the USA, we try to follow the FCC's guidelines on a policy of non blocking. Not just because the FCC says so, but because we think it's in our and our customer's best interests. We don't dictate what our customer's can do with their internet connection as long as they're not breaking the law or negatively affecting the service for others.
--Blake Staudinger, Malcolm wrote the following on 2/25/2014 11:22 AM:
Why wouldn't you just block chargen entirely? Is it actually still being used these days for anything legitimate? Malcolm Staudinger Information Security Analyst | EIS EarthLink E: mstaudinger () corp earthlink com -----Original Message----- From: Blake Hudson [mailto:blake () ispn net] Sent: Tuesday, February 25, 2014 8:58 AM To: nanog () nanog org Subject: Re: Filter NTP traffic by packet size? I talked to one of our upstream IP transit providers and was able to negotiate individual policing levels on NTP, DNS, SNMP, and Chargen by UDP port within our aggregate policer. As mentioned, the legitimate traffic levels of these services are near 0. We gave each service many times the amount to satisfy subscribers, but not enough to overwhelm network links during an attack. --Blake
Current thread:
- Re: Filter NTP traffic by packet size?, (continued)
- Re: Filter NTP traffic by packet size? joel jaeggli (Feb 23)
- RE: Filter NTP traffic by packet size? James Braunegg (Feb 23)
- Re: Filter NTP traffic by packet size? sjt5atra (Feb 24)
- Re: Filter NTP traffic by packet size? Jérôme Nicolle (Feb 28)
- Re: Filter NTP traffic by packet size? Mikael Abrahamsson (Feb 23)
- Re: Filter NTP traffic by packet size? Randy Bush (Feb 23)
- Re: Filter NTP traffic by packet size? Ray Soucy (Feb 24)
- Re: Filter NTP traffic by packet size? Blake Hudson (Feb 25)
- RE: Filter NTP traffic by packet size? Staudinger, Malcolm (Feb 25)
- Re: Filter NTP traffic by packet size? Nick Hilliard (Feb 25)
- Re: Filter NTP traffic by packet size? Blake Hudson (Feb 25)
- Re: Filter NTP traffic by packet size? Keegan Holley (Feb 26)
- Re: Filter NTP traffic by packet size? Brandon Galbraith (Feb 26)
- Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Jay Ashworth (Feb 26)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Keegan Holley (Feb 27)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Ray Soucy (Feb 28)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Jay Ashworth (Feb 28)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Ray Soucy (Feb 28)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Jay Ashworth (Feb 28)
- Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?) Christopher Morrow (Feb 28)
- Re: Filter NTP traffic by packet size? Valdis . Kletnieks (Feb 26)