TWC (AS11351) blocking all NTP?

Paul Ferguson fergdawgster at
Sun Feb 2 16:14:43 UTC 2014

While I do not profess to know the cause of your particular NTP sync
problem, this *might* be due to knee-jerk reactions to the NTP
reflection/amplification DDoS attacks that have been quite an
annoyance and operational issue lately.  I suspect that some operators
have found that perhaps they harbored some devices inside their own
networks that are being used (or might be used) to facilitate these attacks:

See also:

- ferg

On 2/1/2014 8:03 PM, Jonathan Towne wrote:

> This evening all of my servers lost NTP sync, stating that our
> on-site NTP servers hadn't synced in too long.
> Reference time noted by the local NTP servers: Fri, Jan 31 2014
> 19:11:29.725
> Apparently since then, NTP has been unable to traverse the circuit.
> Our other provider is shuffling NTP packets just fine, and after
> finding an NTP peer that return routed in that direction, I was
> able to get NTP back in shape.
> Spot checking various NTP peers configured on my end with various
> looking glasses close to the far-end confirms that anytime the
> return route is through AS11351, we never get the responses.
> Outbound routes almost always take the shorter route through our
> other provider.
> Is anyone else seeing this, or am I lucky enough to have it
> localized to my region (Northern NY)?
> I've created a ticket with the provider, although with it being the
> weekend, I have doubts it'll be a quick resolution.  I'm sure it's a
> strange knee-jerk response to the monlist garbage.  Still, stopping
> time without warning is Uncool, Man.
> -- Jonathan Towne

-- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
