TWC (AS11351) blocking all NTP?

Jay Ashworth jra at baylink.com
Tue Feb 4 05:52:48 UTC 2014


----- Original Message -----
> From: "Glen Turner" <gdt at gdt.id.au>

> On 4 Feb 2014, at 9:28 am, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
> 
> > wait, so the whole of the thread is about stopping participants in
> > the attack, and you're suggesting that removing/changing end-system
> > switch/routing gear and doing something more complex than:
> >  deny udp any 123 any
> >  deny udp any 123 any 123
> >  permit ip any any
> 
> Which just pushes NTP to some other port, making control harder. We’ve
> already pushed all ‘interesting' traffic to port 80 on TCP, which has
> made traffic control very expensive. Let’s not repeat that history.

"Those who do not understand the Internet are condemned to reinvent it.
 Poorly."

-- after henry at utzoo, though he was talking about Unix, and I am generally
    looking at Tapatalk and talking about Usenet.

Cheers,
-- jra

-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274



More information about the NANOG mailing list