Filter NTP traffic by packet size?

Frank Habicht geier at
Thu Feb 27 05:46:48 UTC 2014

On 2/27/2014 8:09 AM, Randy Bush wrote:
>> I only ran the scan once, but had ~130k devices respond.
> is there any modern utility in chargen?

I know of none, maybe I'm too young.
So we could conclude we don't need that service running.

But some folk use ports for services other than the intended -
like tcp:443 for VPN ;-)

So if we can get enough abusable end-systems fixed (hope so *),
and we get enough source address validation (BCP38) to reduce sources of
badness (hope so *),
then the network won't need to block that port and
someone can make inventive use of it ;-)

(*) and working on it.


- seems something going on already, had one outside complain about traffic
from our IP udp:19
- better start scanning proactively

