[ntp:questions] NTP Denial of Service attack 29 November 2011
nomail at example.com
Tue Nov 29 21:07:15 UTC 2011
Rich <schmidt.rich at gmail.com> wrote:
> USNO is seeing an apparent coordinated denial of service attack on NTP
> originating with the following IPs:
> 22.214.171.124; 126.96.36.199; 188.8.131.52; 184.108.40.206. I
> recommend that you block 220.127.116.11/8, 18.104.22.168/8, and 22.214.171.124/8.
> There will likely be more to follow. These appear to originate on
> APNIC (Asian Pacific).
Isn't that a bit wide a range to block for only 4 IPs?
What makes you think any further attacks will come from the same range?
When in doubt, block 0.0.0.0/0
More information about the questions