Re: ddos attack blog

2014-02-14 Thread Mark Tinka
On Friday, February 14, 2014 03:01:27 AM Jared Mauch wrote: I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this. The right thing to do is reconfigure them. I've seen a good trend line in NTP servers being

Re: ddos attack blog

2014-02-14 Thread Wayne E Bouchard
On Thu, Feb 13, 2014 at 08:01:27PM -0500, Jared Mauch wrote: I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this. The right thing to do is reconfigure them. I've seen a good trend line in NTP servers being

Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Paul Ferguson
On 2/14/2014 10:22 AM, Wayne E Bouchard wrote: On Thu, Feb 13, 2014 at 08:01:27PM -0500, Jared Mauch wrote: I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this.

Re: ddos attack blog

2014-02-14 Thread John
On 02/13/2014 06:01 PM, Jared Mauch wrote: On Feb 13, 2014, at 1:47 PM, John jsch...@flowtools.net wrote: snip UDP won't be blocked. There are some vendors that have their own hidden protocol inside UDP packets to control and communicate with their devices. Thinking on it again, maybe

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Larry Sheldon
On 2/14/2014 12:42 PM, Paul Ferguson wrote: Taken to the logical extreme, the right thing to do is to deny any spoofed traffic from abusing these services altogether. Since the 1990s I have argued (ineffectively, it turns out) a case that says that sentence can be edited down to good

Re: ddos attack blog

2014-02-14 Thread Hal Murray
I was being a bit extreme, I don't expect UDP to be blocked and there are valid uses for NTP and it needs to pass. Can you imagine the trading servers not having access to NTP? Sure. They could set up internal NTP servers listening to GPS. Would it be as good overall as using external

Re: ddos attack blog

2014-02-14 Thread joel jaeggli
On 2/14/14, 3:00 PM, Hal Murray wrote: I was being a bit extreme, I don't expect UDP to be blocked and there are valid uses for NTP and it needs to pass. Can you imagine the trading servers not having access to NTP? Sure. They could set up internal NTP servers listening to GPS. Would

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Joe Provo
On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote: [snip] Taken to the logical extreme, the right thing to do is to deny any spoofed traffic from abusing these services altogether. NTP is not the only one; there is also SNMP, DNS, etc. ...and then we're back to implement BCP38

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Paul Ferguson
On 2/14/2014 3:00 PM, Larry Sheldon wrote: On 2/14/2014 12:42 PM, Paul Ferguson wrote: Taken to the logical extreme, the right thing to do is to deny any spoofed traffic from abusing these services altogether. Since the 1990s I have argued

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Paul Ferguson
On 2/14/2014 4:09 PM, Joe Provo wrote: On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote: [snip] Taken to the logical extreme, the right thing to do is to deny any spoofed traffic from abusing these services altogether. NTP is not

Re: Permitting spoofed traffic [Was: Re: ddos attack blog]

2014-02-14 Thread Jeff Kell
On 2/14/2014 9:07 PM, Paul Ferguson wrote: Indeed -- I'm not in the business of bit-shipping these days, so I can't endorse or advocate any particular method of blocking spoofed IP packets in your gear. If you're dead-end, a basic ACL that permits ONLY your prefixes on egress, and blocks your

ddos attack blog

2014-02-13 Thread Cb B
Good write up, includes name and shame for ATT Wireless, IIJ, OVH, DTAG and others http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack Standard plug for http://openntpproject.org/ and http://openresolverproject.org/ and bcp38, please fix/help. For those

Re: ddos attack blog

2014-02-13 Thread Jared Mauch
On Feb 13, 2014, at 12:06 PM, Cb B cb.li...@gmail.com wrote: Good write up, includes name and shame for ATT Wireless, IIJ, OVH, DTAG and others http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack Standard plug for http://openntpproject.org/ and

Re: ddos attack blog

2014-02-13 Thread Paul Ferguson
On 2/13/2014 9:06 AM, Cb B wrote: Good write up, includes name and shame for ATT Wireless, IIJ, OVH, DTAG and others http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack Standard plug for

Re: ddos attack blog

2014-02-13 Thread John
On 02/13/2014 10:06 AM, Cb B wrote: Good write up, includes name and shame for ATT Wireless, IIJ, OVH, DTAG and others http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack Standard plug for http://openntpproject.org/ and http://openresolverproject.org/

Re: ddos attack blog

2014-02-13 Thread Jared Mauch
On Feb 13, 2014, at 1:47 PM, John jsch...@flowtools.net wrote: On 02/13/2014 10:06 AM, Cb B wrote: Good write up, includes name and shame for ATT Wireless, IIJ, OVH, DTAG and others http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack Standard plug