[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Filter NTP traffic by packet size?

Subject: Filter NTP traffic by packet size?
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Fri, 21 Feb 2014 03:00:27 +0000
In-reply-to: <[email protected]>
References: <CAPpGzHFQoqqB6SKP1c1nX=LX9=C7djhi5szwN1trxE8bVMNJDg@mail.gmail.com> <[email protected]>

On Feb 21, 2014, at 9:55 AM, Dobbins, Roland <rdobbins at arbor.net> wrote:

> Filtering out packets this size from UDP/anything to UDP/123 allows time-sync requests and responses to work, but squelches both the level-6/-7 commands used to trigger amplification as well as amplified attack traffic.

Also, the reverse - UDP/123 - UDP/anything, for the amplified attack traffic.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

References:
- Filter NTP traffic by packet size?
  - From: edwardroels at gmail.com (Edward Roels)
- Filter NTP traffic by packet size?
  - From: rdobbins at arbor.net (Dobbins, Roland)

Prev by Date: Filter NTP traffic by packet size?
Next by Date: Filter NTP traffic by packet size?
Previous by thread: Filter NTP traffic by packet size?
Next by thread: Filter NTP traffic by packet size?
Index(es):
- Date
- Thread