Filter NTP traffic by packet size?

Harry Hoffman hhoffman at
Thu Feb 27 02:01:29 UTC 2014

Most of what I've seen are reset configs on network gear, standalone devices (printers), and the occasional win 98 box with network addons.
We put blocks in place for ntp, SNMP for a short time to get things under control. Chargen was so small it was easier to just alert folks directly.



On Feb 26, 2014 5:33 PM, Valdis.Kletnieks at wrote:
> On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said: 
> > Blocking chargen at the edge doesn't seem to be outside of the realm of 
> > possibilities. 
> What systems are (a) still have chargen enabled and (b) common enough to make 
> it a viable DDoS vector?  Just wondering if I need to go around and find 
> users of mine that need to be smacked around with a large trout.... 

More information about the NANOG mailing list