TWC (AS11351) blocking all NTP?
Dobbins, Roland
rdobbins at arbor.net
Mon Feb 3 06:16:23 UTC 2014
On Feb 3, 2014, at 1:02 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
> b) enforce their AUPs (most broadband operators prohibit operating servers) by blocking *inbound* UDP/123 traffic towards their customers at the customer aggregation edge
Actually, this can cause problems for ntpds operating in symmetric mode, where both the source and destination ports are UDP/123. Allowing inbound UDP/123 - UDP/123 and then rate-limiting it would be one approach; another would be to block outbound UDP/123 emanating from customers based upon packet size, if one's hardware allows matching on size in ACLs.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
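
A small model of the two filtering approaches in the message above, added here as an illustration and not part of the original post: inbound UDP/123 to UDP/123 is permitted but rate-limited, and outbound UDP/123 from customers is dropped when the payload exceeds a size threshold. The 72-byte threshold, the limiter settings, the class, field and function names, and the sample packets are assumptions or constructed values.

```python
from dataclasses import dataclass

NTP_PORT = 123
# Assumption (not from the post): 48-byte NTP header + 4-byte key ID + 20-byte
# digest = 72 bytes is the largest ordinary time packet; anything larger is
# treated as non-time traffic.
MAX_TIME_PAYLOAD = 72

@dataclass
class Packet:
    ts: float         # arrival time, seconds
    direction: str    # "in" = towards customer, "out" = from customer
    customer: str     # customer address (constructed)
    sport: int
    dport: int
    payload_len: int  # UDP payload bytes

class EdgePolicy:
    """UDP/123 handling at the customer aggregation edge."""
    def __init__(self, rate_pps=2.0, burst=4):  # assumed limiter settings
        self.rate, self.burst = rate_pps, burst
        self.buckets = {}                       # customer -> (tokens, last_ts)

    def _take_token(self, key, now):
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[key] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def decide(self, p):
        if NTP_PORT not in (p.sport, p.dport):
            return "permit"                     # not NTP, out of scope
        if p.direction == "in":
            if p.dport != NTP_PORT:
                return "permit"                 # reply to a customer's NTP client
            if p.sport != NTP_PORT:
                return "drop"                   # query aimed at a customer-run server
            # Symmetric-mode shape (123 -> 123): allow, then rate-limit.
            return "permit" if self._take_token(p.customer, p.ts) else "drop-rate"
        # Outbound from the customer: match on size.
        return "drop-size" if p.payload_len > MAX_TIME_PAYLOAD else "permit"

SAMPLE = [  # constructed traffic, documentation addresses
    Packet(0.0, "in", "192.0.2.10", 123, 123, 48),      # symmetric peer -> permit
    Packet(0.0, "in", "192.0.2.10", 40000, 123, 48),    # query to customer -> drop
    Packet(0.0, "in", "192.0.2.10", 123, 51000, 48),    # reply to client -> permit
    Packet(0.0, "out", "192.0.2.10", 123, 123, 48),     # normal size -> permit
    Packet(0.0, "out", "192.0.2.10", 123, 40000, 440),  # oversized -> drop-size
]

def run_sample():
    pol = EdgePolicy()
    return [pol.decide(p) for p in SAMPLE]
```
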