[nsp-sec] NTP Reflection attacks
Serge Droz
serge.droz at switch.ch
Mon Apr 7 10:59:41 EDT 2014
Ack ASNs: 9044, 8220, 6830, 6730, 48983, 48971, 41715, 35206, 31424,
25375, 21069, 20634, 16276, 15600, 15547, 13030, 1257, 12350
ie CH \ 3303
Cheers
Serge
On 4.4.14 20:50 , Sebastien Lahtinen wrote:
> ----------- nsp-security Confidential --------
>
>
>
>
> Hi,
>
> We've been on the receiving end of several NTP reflection DDoS attacks
> over the last few days.
>
> Attached is an output of the IPs which have been involved. I have merged
> them all into one for ease of reference but can provide further details
> on request.
>
> All the IPs listed sent at least 1,000 packets matching the following
> profile (proto udp; src port 123; dst port 80; dst ip 80.249.107.34)
> during at least one of the time windows below:
>
> 2014-03-31 12:34 - 2014-03-31 13:09 BST
> 2014-04-03 14:19 - 2014-04-03 14:54 BST
> 2014-04-04 09:24 - 2014-04-04 09:39 BST
>
> All times are British Summer Time (BST) currently GMT+1.
>
>
> Regards,
>
>
> Sebastien
> AS21396
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
--
SWITCH
-----------------------
Dr. Serge Droz, Team Leader Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 63, fax +41 44 268 15 78
serge.droz at switch.ch, http://www.switch.ch
Security-News: http://securityblog.switch.ch
More information about the nsp-security
mailing list