[ntp:questions] NTP Denial of Service attack 29 November 2011

Marco Marongiu brontolinux at gmail.com
Tue Nov 29 21:11:08 UTC 2011


Is this message authoritative? Blocking three /8s seems like using a
sledgehammer to open a nugget to me...

Il 29/11/2011 21:44, Rich ha scritto:
> USNO is seeing an apparent coordinated denial of service attack on NTP
> originating with the following IPs:
> 220.117.53.67; 218.92.115.152; 114.40.28.224; 218.201.21.194.   I
> recommend that you block 220.0.0.0/8, 218.0.0.0/8, and 114.0.0.0/8.
> There will likely be more to follow. These appear to originate on
> APNIC (Asian Pacific).
> 
> Currently we are seeing many tens of thousands of packets per second
> coming in.
> 
> R.Schmidt
> Time Service Department
> US Naval Observatory
> 
> 29 November 2011



-- 
                             Marco Marongiu
     System Administrator - Technical Author - Perl Programmer



More information about the questions mailing list