[nsp-sec] 50Gbps NTP Attack, 23377 Source IP addresses
Thomas Stridh
thomas.stridh at cert.sunet.se
Tue Feb 25 08:56:16 EST 2014
----------- nsp-security Confidential --------
ACK for 1653
thanks,
/Thomas Stridh,
SUNet CERT
On 2014-02-25 11:20, Phil Rosenthal wrote:
> ----------- nsp-security Confidential --------
>
> Hello all,
>
> We have had a reoccurring NTP Reflected DDoS attack against one of our customers,
> and would love it if we could get some of these open NTP servers closed up.
>
> The full list is attached as a text file due to its size.
>
> By traffic, the top ASNs are 4713, 701, 3462, 7922, 9737, 4134, 6830, 12741,
> 1659, 43700, 174, 9808, 3269, 45899, 2907, 7018, 3356, 9498, 6128, 36531, 13999,
> 209, 14, 3215, 8732, 47764, 3549, 25019, 3320, 13768.
>
> Thanks in advance!
> Regards,
> -Phil Rosenthal
>
> The list of ASNs we are receiving packets from is as follows:
> (# of hosts) (ASN)
> ocelot ~ # cat 02-25-2014-ntp-attack.txt |more|sed s/" .*"/""/|sort |uniq -c |sort -n -r
>
[.........]
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>