Re: Filter NTP traffic by packet size?

2014-02-22 Thread Peter Phaal
Brocade demonstrated how peering exchanges can selectively filter large NTP reflection flows using the sFlow monitoring and hybrid port OpenFlow capabilities of their MLXe switches at last week's Network Field Day event. http://blog.sflow.com/2014/02/nfd7-real-time-sdn-and-nfv-analytics_1986.html

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Randy Bush
> The obvious solution for a new protocol is to make sure that it > doesn’t have that problem, whether it is layered on UDP or something > else. i'll settle for configured by default not to welcome amplification queries with open arms. let's not throw the baby out with the bathwater (excuse the y

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Chris Laffin
Has anyone talked about policing ntp everywhere? Normal traffic levels are extremely low but the ddos traffic is very high. It would be really cool if peering exchanges could police ntp on their connected members. > On Feb 22, 2014, at 8:05, "Paul Ferguson" wrote: > > -BEGIN PGP SIGNED ME

Re: The somewhat illegal fix for NTP attacks

2014-02-22 Thread Jimmy Hess
On Sat, Feb 22, 2014 at 6:41 AM, Rich Kulawiec wrote: Perhaps you would rather publish a blacklist of "/24s containing NTP servers open to MONLIST" over UDP port 123 similar to the bogon feeds. And encourage all networks to blackhole the list. That way potential NTP reflection abuse traffi

RE: out of band management gear

2014-02-22 Thread Petter Bruland
We're using VerizonWireless CradlePoints, Fortigate 80C firewalls, and Digi CM32's for our OOB solution. There were a few times when VerizonWireless went down, but at those times we did not have the emergency need to be on the OOB network. It's a simple setup and not too costly. We got the CM32

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/22/2014 7:06 AM, Nick Hilliard wrote: > On 22/02/2014 09:07, Cb B wrote: >> Summary IETF response: The problem i described is already solved >> by bcp38, nothing to see here, carry on with UDP > > udp is here to stay. Denying this is no more

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Nick Hilliard
On 22/02/2014 09:07, Cb B wrote: > Summary IETF response: The problem I described is already solved by > bcp38, nothing to see here, carry on with UDP udp is here to stay. Denying this is no more useful than trying to push the tide back with a teaspoon. It's worth bearing in mind that any open

RE: out of band management gear

2014-02-22 Thread Adam Greene
We used old fashioned Cisco 2500's with octal cables. Old school for small deployments. We have toyed with the idea of trying to obtain OOB access via 3G/4G instead of using a dialup modem. Has anyone tried that and if so, what hardware would you recommend? -Original Message- From: Ni

RE: Gmail throttling?

2014-02-22 Thread Nathan Anderson
On Friday, February 21, 2014 4:59 PM, Eduardo A. Suárez wrote: > some of our users have forwarded the email to Gmail and Gmail now are > complaining that this is bulk mail and delaying it. > > We have SPF, DKIM, DMARC, even SRS to try these things do no

Re: The somewhat illegal fix for NTP attacks

2014-02-22 Thread Jared Mauch
On Feb 21, 2014, at 5:08 PM, Baldur Norddahl wrote: > Hi > > The following would probably be illegal so do not actually do this. But > what if... there are just 4 billion IPv4 addresses. Scanning that > address-space for open NTP is trivially done in a few hours. Abusing these > servers for ref

Re: The somewhat illegal fix for NTP attacks

2014-02-22 Thread Rich Kulawiec
It's never appropriate to respond to abuse with abuse. Not only is it questionable/unprofessional behavior, but -- as we've seen -- there is a high risk that it'll exacerbate the problem, often by targeting innocent third parties. I understand the frustration but this is not the way. ---rsk

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Saku Ytti
On (2014-02-22 09:38 +0100), Carsten Bormann wrote: > Oh, the transport area people *are* in their high gear. > Their frantic movements may just seem static to you as they operate on more > drawn-out time scales. > (The last transport protocol I worked on became standards-track 16 years > after

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Carsten Bormann
>> (Just be careful not to try to "fight yesterday's war".) > yesterday's war = don't bring up that operators are having a real > problem with UDP, No, you don't. You are having a problem with applications that enable strongly amplified reflection. (Yes, after the days of smurf passed, these a

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Cb B
On Sat, Feb 22, 2014 at 12:38 AM, Carsten Bormann wrote: > On 22 Feb 2014, at 08:47, Saku Ytti wrote: > >> I'm surprised MinimaLT and QUIC have not put transport area people in >> high gear towards standardization of new PKI based L4 protocol, I think it's >> an elegant solution to many practica

Re: Filter NTP traffic by packet size?

2014-02-22 Thread Carsten Bormann
On 22 Feb 2014, at 08:47, Saku Ytti wrote: > I'm surprised MinimaLT and QUIC have not put transport area people in > high gear towards standardization of new PKI based L4 protocol, I think it's > an elegant solution to many practical recurring problems, solution which has > become practical onl

Re: Gmail throttling?

2014-02-22 Thread Pedro Cavaca
On 22 February 2014 01:03, Brian Henson wrote: > The correct URL should be https://support.google.com/mail/answer/81126 The URL is actually correct, it just happens that the "html" part in "bulk_mail.html" only shows up on the next line - if you use it, it eventually redirects to the above. > >