On Sunday 16 March 2014 20:16:30 AlbyVA wrote: > Has anybody else noticed the rapid decline in NTP Pool servers over the > last couple of months? <snip> > It > just appears that excessive > actions are being taken against NTP traffic across the board. Word needs to > go out for providers to > slow down with the heavy hand of outright port blocking (if that is what's > really going on). I'm just using > my own encounters as a window on what might be a larger issue underway. > > -Alby
I'd concur with your analysis here; The primary problem is that providers have knee-jerk responses that are contingent on existing port-based filtering that seems so commonplace. What needs to happen is there needs to be direct pressure for anyone and everyone who operates a network — regardless if it's a small office network or multi-national network provider to implement BCP38[1]. At this point providers are comfortable with blocking ports because with the likes of NETBIOS 138/445, SMTP 25 it allegedly made sense rather than working against the cause of the problems and the providers that aid and abet the abuse. Now NTP 123 is joining those port blocking ranks. The root of the problem is that operators on the Internet no longer really want to "rock the boat" and name names of providers who permit abusive traffic, and to implement operational policies that manage the risk of communicating with those providers. Why these "don't rock the boat" policies are in play is anyone's guess and is outside of the scope of this list but suffice it to say until BCP38 is implemented on most networks, the problematic networks won't feel the pressure to bring these UDP abuses under control. Without BCP38, it will only be a matter of time before another UDP-transported protocol is abused for amplification DNS... NTP... what next?.. [1] http://tools.ietf.org/html/bcp38 and http://www.bcp38.info/index.php/Main_Page -- Kradorex Xeron <[email protected]> Founder, Executive Director Digibase Operations, Research and Development _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
