[ntp:security] ddos attack

Danny Mayer mayer at pdmconsulting.net
Mon Feb 17 00:22:07 UTC 2014


On 2/16/2014 6:11 AM, Savaþ Cilve wrote:
> Hi, website of my friend's company is being attacked. When we look at
> the logs, we see all of the requests are coming from some zombie
> computers with a port number 123 (as you may see in the link). Is there
> anything you or we can do to stop these attacks? Thanks...
> 
> http://www.ergel.net/modasahnesi.txt
>

For now I would suggest that you block all NTP packets (or UDP packets
coming from port 123) at the firewall except ones coming from those
servers that the site needs.

There is nothing that we can do. Those packets are coming from NTP
servers that we neither know nor control.

Danny




More information about the security mailing list