Filter NTP traffic by packet size?

Mikael Abrahamsson swmike at swm.pp.se
Sun Feb 23 15:14:52 UTC 2014


On Sun, 23 Feb 2014, Chris Laffin wrote:

> Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?

If only there was more focus on the BCP38 offenders who are the real root 
cause of this problem, I would be more happy.

I would be more impressed if the IXes would start to use their sFlow 
capabilities to find out what IX ports the NTP queries are coming to 
backtrace the traffic to the BCP38 offendors than try to block the NTP 
packets resulting from these src address forged queries.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se



More information about the NANOG mailing list