Filter NTP traffic by packet size?

Dobbins, Roland rdobbins at arbor.net
Fri Feb 21 03:08:16 UTC 2014


On Feb 21, 2014, at 9:55 AM, Dobbins, Roland <rdobbins at arbor.net> wrote:

> Filtering out packets this size from UDP/anything to UDP/123 allows time-sync requests and responses to work, but squelches both the level-6/-7 commands used to trigger amplification as well as amplified attack traffic.

That should read, filtering out packets **** NOT **** that size.

Lack of sleep, apologies.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton




More information about the NANOG mailing list