[ntp:questions] NTP Denial of Service attack 29 November 2011

Rob nomail at example.com
Tue Nov 29 21:07:15 UTC 2011


Rich <schmidt.rich at gmail.com> wrote:
> USNO is seeing an apparent coordinated denial of service attack on NTP
> originating with the following IPs:
> 220.117.53.67; 218.92.115.152; 114.40.28.224; 218.201.21.194. I
> recommend that you block 220.0.0.0/8, 218.0.0.0/8, and 114.0.0.0/8.
> There will likely be more to follow. These appear to originate on
> APNIC (Asian Pacific).

Isn't that a bit wide a range to block for only 4 IPs?
What makes you think any further attacks will come from the same range?

When in doubt, block 0.0.0.0/0


