[ntp:questions] NTP Denial of Service attack 29 November 2011
nomail at example.com
Tue Nov 29 21:07:15 UTC 2011
Rich <schmidt.rich at gmail.com> wrote:
> USNO is seeing an apparent coordinated denial of service attack on NTP
> originating with the following IPs:
> 184.108.40.206; 220.127.116.11; 18.104.22.168; 22.214.171.124. I
> recommend that you block 126.96.36.199/8, 188.8.131.52/8, and 184.108.40.206/8.
> There will likely be more to follow. These appear to originate on
> APNIC (Asian Pacific).
Isn't that a bit wide a range to block for only 4 IPs?
What makes you think any further attacks will come from the same range?
When in doubt, block 0.0.0.0/0