Filter NTP traffic by packet size?
swmike at swm.pp.se
Sun Feb 23 15:14:52 UTC 2014
On Sun, 23 Feb 2014, Chris Laffin wrote:
> Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?
If only there was more focus on the BCP38 offenders who are the real root
cause of this problem, I would be more happy.
I would be more impressed if the IXes would start to use their sFlow
capabilities to find out what IX ports the NTP queries are coming to
backtrace the traffic to the BCP38 offendors than try to block the NTP
packets resulting from these src address forged queries.
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG