On 02/12/2014 11:33 AM, Bryan Inks wrote:
Good info, I'll definitely be looking into this.
But, I'm not being directly attacked. Internap is one of my upstreams, and they are the one that reported that they were being attacked when we called to let them know about the problem.
*From:*Bill Wichers [mailto:billw@waveform.net] *Sent:* Wednesday, February 12, 2014 10:27 AM *To:* Jared Mauch; Bryan Inks *Cc:* outages@outages.org *Subject:* RE: [outages] Internap Being DDoS'd
To second Jared on this one, we've seen a HUGE increase in NTP-based attacks over the past several weeks with our colo customers. It's very efficient too -- even a pretty low end machine can saturate a 100M link. It reminds me of SQL slammer...
If you haven't yet checked that you're safe from this you should. See:
https://www.us-cert.gov/ncas/alerts/TA14-013A
and
https://www.us-cert.gov/ncas/alerts/TA14-017A
for more info...
And some info on how to mitigate it so you are not a reflector. http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html --John
-Bill
*From:*Outages [mailto:outages-bounces@outages.org] *On Behalf Of *Jared Mauch *Sent:* Wednesday, February 12, 2014 1:21 PM *To:* Bryan Inks *Cc:* outages@outages.org <mailto:outages@outages.org> *Subject:* Re: [outages] Internap Being DDoS'd
Close your NTP amplifiers and prevent the spoofing.. Will solve this one.
Openntpproject.org <http://Openntpproject.org> can help you.
Jared Mauch
On Feb 12, 2014, at 12:45 PM, "Bryan Inks" <Binks@keyinfo.com <mailto:Binks@keyinfo.com>> wrote:
Just got confirmation from Internap NOC that they are being attacked again.
Causing quite a bit of chaos for my network in SoCal.
I'm having to route over to Level3 to minimize the issue.
_______________________________________________ Outages mailing list Outages@outages.org <mailto:Outages@outages.org> https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages