[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Filter NTP traffic by packet size?

Subject: Filter NTP traffic by packet size?
From: swmike at swm.pp.se (Mikael Abrahamsson)
Date: Sun, 23 Feb 2014 16:14:52 +0100 (CET)
In-reply-to: <[email protected]>
References: <CAPpGzHFQoqqB6SKP1c1nX=LX9=C7djhi5szwN1trxE8bVMNJDg@mail.gmail.com> <[email protected]> <[email protected]> <CABSP1OfetOSRO0wrOdCWtAkOhnk0DJ00F=rDYn9bw+kDNrh8sg@mail.gmail.com> <CAD6AjGTfkjPJWQQpqvaUbiuOikWG=LEnw1o0=gaOm4_eUBGwNA@mail.gmail.com> <CABSP1Of35gXMLN4qJ0KuhHL9=8QuLMCBoZvFTpfM3aGs2BkHEg@mail.gmail.com> <CAD6AjGS_-uKWeesQKHt=PE=ynvHvyCVsODxatu4haVcHYkBd+g@mail.gmail.com> <[email protected]> <[email protected]> <CAD6AjGTvnOzp0c171UdFStF6HQaeogGCu=-ReGWNLOo7vSpx8g@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]>, <CAB8g2zyrKupk6uBjFj-7UcbDp0v8y1wh=FEjuqxOsTY4h1EiJw@mail.gmail.com> <[email protected]>

On Sun, 23 Feb 2014, Chris Laffin wrote:

> Ive talked to some major peering exchanges and they refuse to take any action. Possibly if the requests come from many peering participants it will be taken more seriously?

If only there was more focus on the BCP38 offenders who are the real root 
cause of this problem, I would be more happy.

I would be more impressed if the IXes would start to use their sFlow 
capabilities to find out what IX ports the NTP queries are coming to 
backtrace the traffic to the BCP38 offendors than try to block the NTP 
packets resulting from these src address forged queries.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

Follow-Ups:
- Filter NTP traffic by packet size?
  - From: peter.phaal at gmail.com (Peter Phaal)

References:
- Filter NTP traffic by packet size?
  - From: edwardroels at gmail.com (Edward Roels)
- Filter NTP traffic by packet size?
  - From: jw at nuclearfallout.net (John Weekes)
- Filter NTP traffic by packet size?
  - From: jared at puck.nether.net (Jared Mauch)
- Filter NTP traffic by packet size?
  - From: damian at google.com (Damian Menscher)
- Filter NTP traffic by packet size?
  - From: cb.list6 at gmail.com (Cb B)
- Filter NTP traffic by packet size?
  - From: damian at google.com (Damian Menscher)
- Filter NTP traffic by packet size?
  - From: cb.list6 at gmail.com (Cb B)
- Filter NTP traffic by packet size?
  - From: saku at ytti.fi (Saku Ytti)
- Filter NTP traffic by packet size?
  - From: cabo at tzi.org (Carsten Bormann)
- Filter NTP traffic by packet size?
  - From: cb.list6 at gmail.com (Cb B)
- Filter NTP traffic by packet size?
  - From: nick at foobar.org (Nick Hilliard)
- Filter NTP traffic by packet size?
  - From: fergdawgster at mykolab.com (Paul Ferguson)
- Filter NTP traffic by packet size?
  - From: claffin at peer1.com (Chris Laffin)
- Filter NTP traffic by packet size?
  - From: peter.phaal at gmail.com (Peter Phaal)
- Filter NTP traffic by packet size?
  - From: claffin at peer1.com (Chris Laffin)

Prev by Date: Filter NTP traffic by packet size?
Next by Date: Filter NTP traffic by packet size?
Previous by thread: Filter NTP traffic by packet size?
Next by thread: Filter NTP traffic by packet size?
Index(es):
- Date
- Thread