On Feb 12, 2014, at 6:46 AM, omar parihuana <[email protected]> wrote:
> I've just put an ACL in order to block NTP outbound traffic. You should look at the ntp sources, find out which allow monlist, et. al. (see <http://www.openntpproject.org/>), then work to remediate those specific ntpds. Blocking ntp traffic wholesale is something which might make sense in an emergency as you describe, for a brief time, but which shouldn't be done any longer than is absolutely necessary. btw, you don't need NBAR to detect/classify this traffic - regular NetFlow will do. NBAR eats up a lot more resources on your box. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
