[AusNOG] Stopping unwanted random NTP traffic

Skeeve Stevens skeeve+ausnog at eintellegonetworks.com
Tue Apr 15 15:32:53 EST 2014


Hi Andrew (and thanks Joshua),

I presume you are a service provider of some sort, but even SP's, it can
depend on what kind of SP.

This might sound simplistic... but I believe straight out tail providers
should avoid worrying too much about what I call 'micro-security'.... that
is, ports, scanning, etc... your job is to not mess with traffic and allow
it to flow through your network as un-molested as possible.  Performance is
the number one thing you need to concentrate, and your network should be
about passing packets as fast as you can.  So, 'macro-security', things
that impact your performance, DDoS, etc, that is something you need to
consider - or just live with it when you are hit.

I don't like seeing servers or tails abdicating their responsibility for
host security being passed to the upstream network.... I believe it is lazy
security and if your perimeter fails, all inside points are screwed.  That
and you will need far bigger boxen to process that sort of thing.

Unless of course you are an SP offering security or protection as a
service... then you need to look everything in a very different way.  You
need to figure out WHY and WHAT you are doing, and then put in place
processes for it.

NTP is just the flavour of the past month... there are squillions of other
scans and attacks which hit all day every day and you need to be prepared
for all of them at the host level.

If your network is an enterprise style, then you should have good perimeter
security and also be considering firewalls, IPS, etc... and actually
proactively look at it... the set and forget mentality just pisses me off.

I recently had a customer that spent over 100k on perimeter security - and
nice kit too... but when I asked to see the procedures for what happens
when something is detected, etc etc... they didn't have anything, nor was
it anyones job to be watching it.  It is the difference between installing
bars on a house, and having a security guard wandering past every few hours.

Let me know if you want to talk to someone... I have a couch for you to lie
on :)


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


On Tue, Apr 15, 2014 at 2:32 PM, Joshua D'Alton <joshua at railgun.com.au>wrote:

> Pretty sure BGP communities won't help with this, you could email skeeve
> this is probably the sort of thing they do.
>
>
> On Tue, Apr 15, 2014 at 2:09 PM, Andrew Tschudi <andrewtschudi at gmail.com>wrote:
>
>> We have been receiving unwanted inbound NTP traffic towards multiple
>> different servers within our network. This has been creating days of pain
>> and after liaising with our upstream provider it turns out that they have
>> no BGP communities. Had they had BGP Communities, this would then allow me
>> to block the traffic from reaching my routers, which are continuously being
>> flooded. I figure, it’s now time for me to attempt to source some external
>> help.
>>
>> Can anyone on provide any recommendations for sourcing professional
>> services that would be trusted in advising the best way to protect and
>> secure our network?
>>
>> Andrew
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140415/2f83f66f/attachment.html>


More information about the AusNOG mailing list