[nsp-sec] NTP server under attack
Matthew.Swaar at us-cert.gov
Mon Nov 4 21:26:06 EST 2013
>> NTP as a protocol makes a pretty poor amplifier. If this is a reflection attack, I'd be interested to understand why.
I've seen attacks continue (and continue to succeed) after amplification was eliminated. The victim isn't always a large capable entity, and lots of people probably have their firewalls set to permit NTP responses. It was just a thought, something to rule out, and the data clearly does rule it out.
Very Respectfully,
US-CERT Ops Center
888-282-0870
POC: Matt Swaar - Analyst
-----Original Message-----
From: Joe Abley [mailto:jabley at hopcount.ca]
Sent: Monday, November 04, 2013 8:35 PM
To: Swaar, Matthew
Cc: thomas.mangin at exa-networks.co.uk; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] NTP server under attack
NTP as a protocol makes a pretty poor amplifier. If this is a reflection attack, I'd be interested to understand why.
Oh Lord! There's an axe in my head!
> On Nov 4, 2013, at 17:22, "Matthew.Swaar at us-cert.gov" <Matthew.Swaar at us-cert.gov> wrote:
>
> ----------- nsp-security Confidential --------
>
> Thomas,
>
> Is it possible that the inbound traffic was intended as a reflective
> attack? (Was there a consistent source IP or a small number of them?)
>
>
> Very Respectfully,
>
> US-CERT Ops Center
> 888-282-0870
> POC: Matt Swaar - Analyst
>
> -----Original Message-----
> From: nsp-security [mailto:nsp-security-bounces at puck.nether.net] On
> Behalf Of Thomas Mangin
> Sent: Monday, November 04, 2013 8:08 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] NTP server under attack
>
> ----------- nsp-security Confidential --------