[j-nsp] NTP Reflection
Mark Tees
marktees at gmail.com
Mon Jan 13 20:38:12 EST 2014
Oh oh someones listening just received:
JSA10613<http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&actp=SUBSCRIPTION>Mitigation
of NTP amplification attacks involving Junos
Can we get detailed lo0 filters listed too please?
On Tue, Jan 14, 2014 at 9:53 AM, Mark Tees <marktees at gmail.com> wrote:
> I hope I am wrong here but the only place I have seen a decent example of
> an accurate and secure lo0 firewall filter was in the Juniper MX series
> book?
>
>
> On Tue, Jan 14, 2014 at 9:44 AM, Paul S. <contact at winterei.se> wrote:
>
>> On 1/14/2014 午前 07:14, Jared Mauch wrote:
>>
>>> On Jan 13, 2014, at 5:03 PM, Chuck Anderson <cra at WPI.EDU> wrote:
>>>
>>> Shouldn't this be SOP anyway?
>>>>
>>> In the past many ISPs provided time to customers from the router
>>> hardware. The difference I’ve seen here is regarding the speed that
>>> devices will respond. The Juniper devices have a faster processor so will
>>> respond much faster than an “ISR” device from other vendors. The lack of
>>> ability to further tweak the ntp.conf is a bit frustrating.
>>>
>>> - Jared
>>>
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
>> I've never really seen any ISPs who actually use proper firewall filters
>> to allow NTP requests on the routers publicly; so it's 'somewhat'
>> manageable - still.
>>
>> Granted, Juniper should have ways to distinguish client behavior from
>> server behavior, still.
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Regards,
>
> Mark L. Tees
>
--
Regards,
Mark L. Tees
More information about the juniper-nsp
mailing list