BCP38.info, RELATING: TWC (AS11351) blocking all NTP?

Michael DeMan nanog at deman.com
Mon Feb 3 08:24:08 UTC 2014


Hi,

I think I might have already deleted subject matter a few days ago in re: BCP38.

What exactly are you trying to do?

I agree my general comment that the recent NTP weaknesses should be addressed via an IPv6 RFC may have been misunderstood.
I meant mostly that with IPv6 NAT goes away, all devices are exposed, and we also have the 'internet of things' - much more subject to potential abuse.
An NTPv5 solution that could be done with NTP services already, and would be more of a 'best practices of how this shit starts up and what it can do' and educating vendors to have reasonable behavior in the first place?
And an NTPv6 solution/RFC/guideline that was similar, could help?
Neither will 'solve the problem' - but I think the idea of managing what somebody can do and having the provider filter in/out on IPv4 and/or mobile IPv4, much less IPv6, is very unorthodox and much against the spirit of having global m:n communications be helpful for humanity.


My apologies if I misunderstand your recent and last few e-mails.

I disagree that 'filtering' or 'blocking' any kind of IPv4 or IPv6 protocol to 'protect the end user' is the wrong way to go when compared to just having things work in a secure manner.

- Mike

On Feb 3, 2014, at 12:07 AM, Dobbins, Roland <rdobbins at arbor.net> wrote:

> 
> On Feb 3, 2014, at 2:55 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
> 
>> It would be useful to know whether there are in fact NATs, or are 'DNS forwarders' . . .
> 
> Another question is whether or not it's possible that in at least some cases, MITMing boxes on intermediary networks are grabbing these queries and then spoofing the scanner source IP as they redirect the queries . . . . if this is taking place, then it would be the network(s) with the MITMing box(es) which allow spoofing, irrespective of whether or not the intended destination networks do, yes?
> 
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
> 
> 	  Luck is the residue of opportunity and design.
> 
> 		       -- John Milton
> 
> 