TWC (AS11351) blocking all NTP?

Paul Ferguson fergdawgster at mykolab.com
Sun Feb 2 16:14:43 UTC 2014


While I do not profess to know the cause of your particular NTP sync
problem, this *might* be due to knee-jerk reactions to the NTP
reflection/amplification DDoS attacks that have been quite an
annoyance and operational issue lately.  I suspect that some operators
have found that perhaps they harbored some devices inside their own
networks that are being used (or might be used) to facilitate these attacks:

https://www.us-cert.gov/ncas/current-activity/2014/01/10/Network-Time-Protocol-NTP-Amplification-Attacks

See also:

http://openntpproject.org/

- ferg


On 2/1/2014 8:03 PM, Jonathan Towne wrote:

> This evening all of my servers lost NTP sync, stating that our
> on-site NTP servers hadn't synced in too long.
> 
> Reference time noted by the local NTP servers: Fri, Jan 31 2014
> 19:11:29.725
> 
> Apparently since then, NTP has been unable to traverse the circuit.
> Our other provider is shuffling NTP packets just fine, and after
> finding an NTP peer that return routed in that direction, I was
> able to get NTP back in shape.
> 
> Spot checking various NTP peers configured on my end with various
> looking glasses close to the far-end confirms that anytime the
> return route is through AS11351, we never get the responses.
> Outbound routes almost always take the shorter route through our
> other provider.
> 
> Is anyone else seeing this, or am I lucky enough to have it
> localized to my region (Northern NY)?
> 
> I've created a ticket with the provider, although with it being the
> weekend, I have doubts it'll be a quick resolution.  I'm sure it's a
> strange knee-jerk response to the monlist garbage.  Still, stopping
> time without warning is Uncool, Man.
> 
> -- Jonathan Towne
> 
> 
> 


-- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2




More information about the NANOG mailing list