[nsp-sec] NTP Reflection attacks
Yu, Henry
henry.yu at twtelecom.com
Mon Apr 7 11:22:54 EDT 2014
Ack 4323
> On Apr 4, 2014, at 2:52 PM, "Sebastien Lahtinen" <seb at ncuk.com> wrote:
>
> ----------- nsp-security Confidential --------
>
>
> Hi,
>
> We've been on the receiving end of several NTP reflection DDoS attacks
> over the last few days.
>
> Attached is an output of the IPs which have been involved. I have merged
> them all into one for ease of reference but can provide further details on
> request.
>
> All the IPs listed sent at least 1,000 packets matching the following
> profile (proto udp; src port 123; dst port 80; dst ip 80.249.107.34)
> during at least one of the time windows below:
>
> 2014-03-31 12:34 - 2014-03-31 13:09 BST
> 2014-04-03 14:19 - 2014-04-03 14:54 BST
> 2014-04-04 09:24 - 2014-04-04 09:39 BST
>
> All times are British Summer Time (BST) currently GMT+1.
>
>
> Regards,
>
>
> Sebastien
> AS21396
>
> --
> NetConnex Broadband Ltd.
> tel. +44 870 745 4830 fax. +44 870 745 4831
> Court Farm Lodge, 1 Eastway, Epsom, Surrey, KT19 8SG. United Kingdom.
> <ddos-merged3.txt>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-------------
The content contained in this electronic message is not intended to constitute formation of a contract binding tw telecom. tw telecom will be contractually bound only upon execution, by an authorized officer, of a contract including agreed terms and conditions or by express application of its tariffs. This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail or by telephone.
More information about the nsp-security
mailing list