Filter NTP traffic by packet size?

Damian Menscher damian at
Fri Feb 21 21:30:05 UTC 2014

On Fri, Feb 21, 2014 at 1:22 PM, Cb B <cb.list6 at> wrote:

> On Thu, Feb 20, 2014 at 2:12 PM, Damian Menscher <damian at>
> wrote:
> > On Thu, Feb 20, 2014 at 1:03 PM, Jared Mauch <jared at>
> wrote:
> > You may also want to look at filtering UDP/80 outright as well, as that
> is
> >> commonly used as an "I'm going to attack port 80" by attackers that
> don't
> >> quite understand the difference between UDP and TCP.
> >
> > Please don't filter UDP/80.  It's used by QUIC (
> >
> The folks at QUIC have been advised to not use UDP for a new protocol,
> and they would be very well advised to not use UDP:80 since that is a
> well known target port used in the DDoS reflection attacks.

Please suggest which protocol has less blocking on the internet today
(keeping in mind the full end-to-end stack of CPE, various ISPs,
country-level proxies, backbone providers, etc).


More information about the NANOG mailing list