Permitting spoofed traffic [Was: Re: ddos attack blog]
fergdawgster at mykolab.com
Fri Feb 14 18:42:55 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 2/14/2014 10:22 AM, Wayne E Bouchard wrote:
> On Thu, Feb 13, 2014 at 08:01:27PM -0500, Jared Mauch wrote:
>> I would actually like to ask for those folks to un-block NTP so
>> there is proper data on the number of hosts for those researching
>> this. The right thing to do is reconfigure them. I've seen a
>> good trend line in NTP servers being fixed, and hope we will see
>> more of that in the next few weeks.
> A slight exception to that statement, if I may...
> The right thing to do is for people to not permit services to
> operate on hosts they do not intend to operate on and not to be
> visible to those they do not intend to use them. In other words, to
> properly manage their networks. If that means blocking all access
> to potentially faulty implementations, then that's the right thing
> to do. In short, companies should do what is right for their
> companies and nevermind anyone else.
> Never forget that researches are just part of the "public" and
> should never consider that their usage of the internet is any more
> or less valid to the average third party than the next guy.
Taken to the logical extreme, the "right thing" to do is to deny any
spoofed traffic from abusing these services altogether. NTP is not the
only one; there is also SNMP, DNS, etc.
- - ferg
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the NANOG