Filter NTP traffic by packet size?
Frank Habicht
geier at geier.ne.tz
Thu Feb 27 05:46:48 UTC 2014
On 2/27/2014 8:09 AM, Randy Bush wrote:
>> I only ran the scan once, but had ~130k devices respond.
>
> is there any modern utility in chargen?
I know of none, maybe I'm too young.
So we could conclude we don't need that service running.
But some folk use ports for services other than the intended -
like tcp:443 for VPN ;-)
So if we can get enough abusable end-systems fixed (hope so *),
and we get enough source address validation (bcp38) to reduce sources of
badness (hope so *),
then the network won't need to block that port and
someone can make inventive use of it ;-)
(*) and working on it.
Frank
PS:
- seems something going on already, had one outside complain about traffic
from our IP udp:19
- better start scanning proactively
More information about the NANOG
mailing list