[nsp-sec] NTP Reflection attacks - ACK 14
Joel L. Rosenblatt
joel at columbia.edu
Fri Apr 4 15:20:45 EDT 2014
Thanks
Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
On Fri, Apr 4, 2014 at 2:50 PM, Sebastien Lahtinen <seb at ncuk.com> wrote:
> ----------- nsp-security Confidential --------
>
>
>
> Hi,
>
> We've been on the receiving end of several NTP reflection DDoS attacks over the last few days.
>
> Attached is an output of the IPs which have been involved. I have merged them all into one for ease of reference but can provide further details on request.
>
> All the IPs listed sent at least 1,000 packets matching the following profile (proto udp; src port 123; dst port 80; dst ip 80.249.107.34) during at least one of the time windows below:
>
> 2014-03-31 12:34 - 2014-03-31 13:09 BST
> 2014-04-03 14:19 - 2014-04-03 14:54 BST
> 2014-04-04 09:24 - 2014-04-04 09:39 BST
>
> All times are British Summer Time (BST) currently GMT+1.
>
>
> Regards,
>
>
> Sebastien
> AS21396
>
> --
> NetConnex Broadband Ltd.
> tel. +44 870 745 4830 fax. +44 870 745 4831
> Court Farm Lodge, 1 Eastway, Epsom, Surrey, KT19 8SG. United Kingdom.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list