[AusNOG] Stopping unwanted random NTP traffic
Lindsay Hill
lindsay.k.hill at gmail.com
Wed Apr 16 10:32:34 EST 2014
You probably need to think about changing your upstream provider, if they
can't help deal with this - either by them mitigating traffic, or by giving
your RTBH capabilities.
On Wed, Apr 16, 2014 at 12:24 PM, Andrew Tschudi <andrewtschudi at gmail.com>wrote:
> The problem is our upstream provider could not help us stop the traffic
> and we ran out of network capacity. Engineering said they can look at
> blocking the traffic as part of a special project which might take 6 weeks.
>
> Andrew
>
>
>
> On Wed, Apr 16, 2014 at 10:15 AM, Dobbins, Roland <rdobbins at arbor.net>wrote:
>
>>
>> On Apr 16, 2014, at 7:13 AM, Andrew Tschudi <andrewtschudi at gmail.com>
>> wrote:
>>
>> > We were the target of the attacks and have no open NTP servers on our
>> network.
>>
>> Gotcha.
>>
>> In that case, you can use QoS to police down non-76-byte UDP/123 traffic
>> to 1mb/sec in aggregate or thereabouts, and ask your upstream transit(s) to
>> do the same on their side of the link(s).
>>
>> -----------------------------------------------------------------------
>> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>>
>> Luck is the residue of opportunity and design.
>>
>> -- John Milton
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140416/1fcc2624/attachment-0001.html>
More information about the AusNOG
mailing list