[ntp:questions] NTP Denial of Service attack 29 November 2011
brontolinux at gmail.com
Tue Nov 29 21:11:08 UTC 2011
Is this message authoritative? Blocking three /8s seems like using a
sledgehammer to open a nugget to me...
Il 29/11/2011 21:44, Rich ha scritto:
> USNO is seeing an apparent coordinated denial of service attack on NTP
> originating with the following IPs:
> 220.127.116.11; 18.104.22.168; 22.214.171.124; 126.96.36.199. I
> recommend that you block 188.8.131.52/8, 184.108.40.206/8, and 220.127.116.11/8.
> There will likely be more to follow. These appear to originate on
> APNIC (Asian Pacific).
> Currently we are seeing many tens of thousands of packets per second
> coming in.
> Time Service Department
> US Naval Observatory
> 29 November 2011
System Administrator - Technical Author - Perl Programmer
More information about the questions