[AusNOG] UDP based HTTP attack?

Roland Dobbins rdobbins at arbor.net
Sun Sep 20 12:26:14 EST 2015


On 20 Sep 2015, at 8:36, Matt Richards wrote:

> It's a PBX, so NTP is used to set the time on the phones - we'll just 
> have to find a way around not having NTP exposed on it.

Drop anything UDP/123 to/from it which isn't UDP/123 - UDP/123 at 76 
bytes (minus l2 headers).  This will allow timesync to work, whilst 
disallowing reflection/amplification initiation in most cases, and 
certainly suppressing it outbound.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>


More information about the AusNOG mailing list