[nsp-sec] 50Gbps NTP Attack, 23377 Source IP addresses
Thomas Hungenberg
th.lab at hungenberg.net
Tue Feb 25 09:22:48 EST 2014
Thanks, we'll notify the responsible ISPs/hosting providers in DE.
- Thomas
CERT-Bund Incident Response & Anti-Malware Team
On 25.02.2014 11:20, Phil Rosenthal wrote:
> ----------- nsp-security Confidential --------
>
>
>
> Hello all,
>
> We have had a reoccuring NTP Reflected DDoS attack against one of our customers, and would love it if we could get some of these open NTP servers could be closed up.
>
> The full list is attached as a text file due to it’s size.
>
> By traffic, the top ASN’s are 4713, 701, 3462, 7922, 9737, 4134, 6830, 12741, 1659, 43700, 174, 9808, 3269, 45899, 2907, 7018, 3356, 9498, 6128, 36531, 13999, 209, 14, 3215, 8732, 47764, 3549, 25019, 3320, 13768.
>
> Thanks in advance!
> Regards,
> -Phil Rosenthal
More information about the nsp-security
mailing list