Does anyone know of a public site which documents the traffic associated with the recent NTP DDOS attacks? I'm trying to see if the attacks correlate to some packet loss we are seeing.
-- John Lange
Here is an article on the attack.
http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hit...

On 12/02/14 08:17, John Lange wrote:
Does anyone know of a public site which documents the traffic associated with the recent NTP DDOS attacks?
I'm trying to see if the attacks correlate to some packet loss we are seeing.
-- John Lange
_______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
Some more technical details: http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat...
There's a comment at the bottom to the effect of "there's an even worse problem hiding in SNMP"
Sean

On Wed, Feb 12, 2014 at 5:57 PM, Bill Reid <billreid@shaw.ca> wrote:
Here is an article on the attack.
http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hits-400-gbit-s-breaks-record/d/d-id/1113787
-- Sean Walberg <sean@ertw.com> http://ertw.com/
Thanks, Sean and Bill, for the helpful links. The cloudflare.com article offers a link to SANS's ISC site with a very simple tip: just add "disable monitor" to your /etc/ntp.conf file. This works even with ntp-4.2.2p1 on RHEL 5, and is way easier than figuring if/how I can update to 4.2.7, or if Team Cymru's highly locked-down config for simple NTP clients will work OK for a 3 peer stratum 2 config like what I'm using.
Gilles

On 13/02/2014 11:29 PM, Sean Walberg wrote:
Some more technical details: http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat...
There's a comment at the bottom to the effect of "there's an even worse problem hiding in SNMP"
Sean
-- Gilles R. Detillieux E-mail: <grdetil@scrc.umanitoba.ca> Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/ Dept. Physiology, U. of Manitoba Winnipeg, MB R3E 0J9 (Canada)
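An added example, not part of the thread or of any poster's own tooling: a small audit of an ntp.conf body for the "disable monitor" tip discussed above, also accepting a default `restrict ... noquery` entry as an alternative and flagging the ntp.conf(5) caveat that monitoring stays active while any restrict entry carries the `limited` flag. The function name, result keys and sample configs are constructed for illustration.

```python
def audit_ntp_conf(text):
    """Report whether an ntp.conf body leaves ntpdc monlist queries answerable."""
    monitor_disabled = False
    limited_seen = False
    default_lines = []  # option lists of every "restrict default" entry
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].lower().split()  # drop comments
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("enable", "disable") and "monitor" in args:
            # Assumption of this sketch: a later line overrides an earlier one.
            monitor_disabled = keyword == "disable"
        elif keyword == "restrict":
            if args and args[0] in ("-4", "-6"):
                args = args[1:]
            # ntp.conf(5): monitoring is always active while a restrict
            # entry has the "limited" flag, which undercuts "disable monitor".
            limited_seen = limited_seen or "limited" in args
            if args and args[0] == "default":
                default_lines.append(args[1:])
    # noquery denies ntpq/ntpdc queries; require it on every default entry.
    noquery_default = bool(default_lines) and all(
        "noquery" in opts or "ignore" in opts for opts in default_lines)
    monitor_off = monitor_disabled and not limited_seen
    return {
        "monitor_disabled": monitor_disabled,
        "limited_keeps_monitor_on": monitor_disabled and limited_seen,
        "noquery_default": noquery_default,
        "exposed": not (monitor_off or noquery_default),
    }

# Constructed sample configs (hostnames are placeholders).
WEAK = """driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
server ntp1.example.net iburst
"""
HARDENED = WEAK + "disable monitor   # tip from the SANS ISC post\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf))
```

After editing the file, ntpd has to be restarted for the change to take effect.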
Here is a good link with technical details. Also a spreadsheet with the networks that had NTP servers involved in the attack.
http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplificat...

On 12/02/14 08:17, John Lange wrote:
Does anyone know of a public site which documents the traffic associated with the recent NTP DDOS attacks?