Yes, but the whole point of public NTP services is to allow any IPv4 to
do NTP sync.
Regards,
Ge Moua | Email: moua0...@umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Adrian Minta wrote:
Ge Moua wrote:

The worst thing you can do is put a stateful firewall in front of a
busy DNS server - every single packet creating new state will bring
most hardware-based firewalls to their knees, because "session churn"
is usually handled at a much lower packet rate than "pure packet throughput
for existing state"...

I concur and have the battle scar to attest to this; we tried to put a
stateful firewall in front of our public NTP server (which also
happen to be our DNS servers) and the firewall tipped over within 5
minutes; state tables got exhausted quickly.

Is there a way to disable sessions for a specific port or IP?
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/