TWC (AS11351) blocking all NTP?
Jay Ashworth
jra at baylink.com
Tue Feb 4 05:52:48 UTC 2014
----- Original Message -----
> From: "Glen Turner" <gdt at gdt.id.au>
> On 4 Feb 2014, at 9:28 am, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>
> > wait, so the whole of the thread is about stopping participants in
> > the attack, and you're suggesting that removing/changing end-system
> > switch/routing gear and doing something more complex than:
> > deny udp any 123 any
> > deny udp any 123 any 123
> > permit ip any any
>
> Which just pushes NTP to some other port, making control harder. We’ve
> already pushed all ‘interesting' traffic to port 80 on TCP, which has
> made traffic control very expensive. Let’s not repeat that history.
"Those who do not understand the Internet are condemned to reinvent it.
Poorly."
-- after henry at utzoo, though he was talking about Unix, and I am generally
looking at Tapatalk and talking about Usenet.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG
mailing list