Forgive me for missing the obvious
here, but isn't the answer to drop packets emitting from customers
on UDP/123 above a certain rate limit?
Transparent UDP/123 redirection is going to break a lot of
assumptions people have about how their current systems work, and
would certainly get me, if i were a customer, very hot under the
collar indeed.
Debugging the subtle problems this would cause would mean a lot of
wasted hours for many expensive people.
Regards,
Joel van Velden
Cloud Scale Ltd
NZ Cloud Storage API-compatible with Amazon S3.
On 25/02/2014 11:00 p.m., Dobbins wrote:
On Feb 25, 2014, at 1:53 PM, Mike Jager <mike@mikej.net.nz> wrote:
I assume you mean non-notified transparent redirection.
Correct - I should've made that clear, thanks for pointing it out.
That being said, how many customers understand enough to know what they're agreeing to have performed on their traffic?
Also, there could be very serious consequences for dorking around with ntp, especially - far too many critical systems (incorrectly) utilize the public Internet for this sort of thing.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog