Filter NTP traffic by packet size?

• Previous message (by thread): Filter NTP traffic by packet size?
• Next message (by thread): Atlanta - Patch Cables
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Most of what I've seen are reset configs on network gear, standalone devices (printers), and the occasional win 98 box with network addons.
We put blocks in place for ntp, SNMP for a short time to get things under control. Chargen was so small it was easier to just alert folks directly.

HTH.

Cheers,
Harry

On Feb 26, 2014 5:33 PM, Valdis.Kletnieks at vt.edu wrote:
>
> On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said: 
>
> > Blocking chargen at the edge doesn't seem to be outside of the realm of 
> > possibilities. 
>
> What systems are (a) still have chargen enabled and (b) common enough to make 
> it a viable DDoS vector?  Just wondering if I need to go around and find 
> users of mine that need to be smacked around with a large trout.... 

• Previous message (by thread): Filter NTP traffic by packet size?
• Next message (by thread): Atlanta - Patch Cables
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]