<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If you’ve seen more than 300 Gbps you should blog about it.  =) The largest documented to date is CloudFlare’s. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Are your upstream providers blocking NTP packets larger than a certain size?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Frank<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> Bryan Socha [mailto:bryan@serverstack.com] <br><b>Sent:</b> Saturday, March 08, 2014 10:04 AM<br><b>To:</b> Frank Bulk<br><b>Cc:</b> outages-discussion@outages.org<br><b>Subject:</b> Re: [outages] enough of this ntp bs.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>It might sound like a joke but I've seen hundreds of gigs of attacks every morning.  It'w all coming from home CPE devices and I think they need to start paying us for their incompetence.   in 2014, why is this a problem!!?!???!?!?!!?  it's time to be responsible.   <o:p></o:p></p></div><div><p class=MsoNormal><br clear=all><o:p></o:p></p><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888;background:white'>Bryan Socha</span></b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";background:white'><o:p></o:p></span></p><div><div><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif";color:#666666;background:white'>Network Engineer<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif";color:#1155CC;background:white'>646.450.0472</span><span style='font-size:7.5pt;font-family:"Arial","sans-serif";color:#666666;background:white'> | <u><a href="mailto:bryan@serverstack.com" target="_blank"><span style='color:#1155CC'>bryan@serverstack.com</span></a></u></span><span style='font-size:7.5pt;font-family:"Arial","sans-serif";background:white'><o:p></o:p></span></p></div></div><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888;background:white'><o:p> </o:p></span></p></div><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#333333;background:white'>Server</span></b><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#FF6600;background:white'>Stack</span></b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222;background:white'> </span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#999999;background:white'>| Scale Big</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#888888;background:white'><o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Sat, Mar 8, 2014 at 10:57 AM, Frank Bulk <<a href="mailto:frnkblk@iname.com" target="_blank">frnkblk@iname.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>We’ve seen more DDoS attacks than normal, too, not just on ourselves, but on other networks where I have visibity.  Funny that I saw an email in my inbox from Arbor Networks regarding an NTP DDoS webinar….</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Frank</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> Outages [mailto:<a href="mailto:outages-bounces@outages.org" target="_blank">outages-bounces@outages.org</a>] <b>On Behalf Of </b>Bryan Socha<br><b>Sent:</b> Saturday, March 08, 2014 9:41 AM<br><b>To:</b> <a href="mailto:outages@outages.org" target="_blank">outages@outages.org</a><br><b>Subject:</b> [outages] enough of this ntp bs.</span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>all week long I'm seeing ntp attacks on provider ips on my router.    Enough of this bs, it's time to stand up and block this BS....<o:p></o:p></p></div></div></div></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>