Filter NTP traffic by packet size?

• Previous message (by thread): Filter NTP traffic by packet size?
• Next message (by thread): Filter NTP traffic by packet size?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22/02/2014 09:07, Cb B wrote:
> Summary IETF response:  The problem i described is already solved by
> bcp38, nothing to see here, carry on with UDP

udp is here to stay.  Denying this is no more useful than trying to push
the tide back with a teaspoon.

It's worth bearing in mind that any open tcp service will send out several
acks before giving up.  In other words, any standard open tcp socket will
provide a level of amplification worth using even if UDP were to be
switched off tomorrow.  Sure, not as good as the 230x amplification that
ntp monlist will give, but it's still a problem.

In the long term, it would be more useful to spent time and effort building
automated tools to track down the sources of the spoofed packets than
trying to deprecate UDP.

Nick

• Previous message (by thread): Filter NTP traffic by packet size?
• Next message (by thread): Filter NTP traffic by packet size?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]