As an ISP in the USA, we try to follow the FCC's guidelines on a policy
of non blocking. Not just because the FCC says so, but because we think
it's in our and our customer's best interests. We don't dictate what our
customer's can do with their internet connection as long as they're not
breaking the law or negatively affecting the service for others.
--Blake
Staudinger, Malcolm wrote the following on 2/25/2014 11:22 AM:
Why wouldn't you just block chargen entirely? Is it actually still being used
these days for anything legitimate?
Malcolm Staudinger
Information Security Analyst | EIS
EarthLink
E: mstaudin...@corp.earthlink.com
-----Original Message-----
From: Blake Hudson [mailto:bl...@ispn.net]
Sent: Tuesday, February 25, 2014 8:58 AM
To: nanog@nanog.org
Subject: Re: Filter NTP traffic by packet size?
I talked to one of our upstream IP transit providers and was able to negotiate
individual policing levels on NTP, DNS, SNMP, and Chargen by UDP port within
our aggregate policer. As mentioned, the legitimate traffic levels of these
services are near 0. We gave each service many times the amount to satisfy
subscribers, but not enough to overwhelm network links during an attack.
--Blake
