Filter NTP traffic by packet size?
- Subject: Filter NTP traffic by packet size?
- From: damian at google.com (Damian Menscher)
- Date: Fri, 21 Feb 2014 13:30:05 -0800
- In-reply-to: <CAD6AjGTfkjPJWQQpqvaUbiuOikWG=LEnw1o0=gaOm4_eUBGwNA@mail.gmail.com>
- References: <CAPpGzHFQoqqB6SKP1c1nX=LX9=C7djhi5szwN1trxE8bVMNJDg@mail.gmail.com> <[email protected]> <[email protected]> <CABSP1OfetOSRO0wrOdCWtAkOhnk0DJ00F=rDYn9bw+kDNrh8sg@mail.gmail.com> <CAD6AjGTfkjPJWQQpqvaUbiuOikWG=LEnw1o0=gaOm4_eUBGwNA@mail.gmail.com>
On Fri, Feb 21, 2014 at 1:22 PM, Cb B <cb.list6 at gmail.com> wrote:
> On Thu, Feb 20, 2014 at 2:12 PM, Damian Menscher <damian at google.com> wrote:
> > On Thu, Feb 20, 2014 at 1:03 PM, Jared Mauch <jared at puck.nether.net> wrote:
> >> You may also want to look at filtering UDP/80 outright as well, as that is
> >> commonly used as an "I'm going to attack port 80" by attackers that don't
> >> quite understand the difference between UDP and TCP.
> >
> > Please don't filter UDP/80. It's used by QUIC
> > (http://en.wikipedia.org/wiki/QUIC).
>
> The folks at QUIC have been advised to not use UDP for a new protocol,
> and they would be very well advised to not use UDP:80 since that is a
> well known target port used in the DDoS reflection attacks.
>
Please suggest which protocol has less blocking on the internet today
(keeping in mind the full end-to-end stack of CPE, various ISPs,
country-level proxies, backbone providers, etc).
Damian