[nsp-sec] 50Gbps NTP Attack, 23377 Source IP addresses
Beth Young
youngba at ren-isac.net
Fri Feb 28 14:33:16 EST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am a little late to this party but ACK for .edu
These ASNs have been notified.
10448, 10886, 10952, 11050, 11078, 11417, 11686, 11995, 1239, 1249,
1312, 13326, 13371, 13838, 14212, 14348, 14977, 15243, 160, 16462,
16643, 17, 1742, 1968, 19927, 19956, 210, 2152, 21852, 21976, 225,
22742, 22919, 237, 2381, 2552, 2572, 25887, 26335, 26934, 2900, 3,
31822, 32432, 32440, 32876, 33091, 3676, 3912, 40246, 4201, 4385,
4565, 46, 46887, 5661, 5718, 5723,
(Joel, I left you out since I saw your ACK).
Thanks,
Beth
On 2/25/2014 4:20 AM, Phil Rosenthal wrote:
> ----------- nsp-security Confidential --------
>
>
>
> Hello all,
>
> We have had a reoccuring NTP Reflected DDoS attack against one of
> our customers, and would love it if we could get some of these open
> NTP servers could be closed up.
>
> The full list is attached as a text file due to it?s size.
>
- --
Beth Young, CISSP
soc at ren-isac.net
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEVAwUBUxDkfHOn520JM2MZAQJ5vQf6AwpE5sX07YQHX87YeHSeGIx+IKViFUEt
cwc/APTBqXMrhnoIyAu4lXwQWbhdrWKVHVsaEg2ld4VDQnBfNW41NLuHMC8tkVFt
9eumYqYk6rsI+tEEmR2Gtn/m2f/DLDy4Qs6oJ95lWpSgwVyZA0hpldjyoENz9Zjw
SvapGOOLSBhYLZEVeS4ZoU2Z0Oq6oLqc0jlIgkunXhf5A2qLZz/EOwEKT68TDdlY
SgRlpKbfmgWLK+e7XajiA6mIL0poMVZZfPQfgh55DQS2sJ/Zww6OV5+ekdModP77
4ZRsWw1nlvdRhpSPY8GILX4pR2AxSyBROljVeHLuMgXIpDl5bDFtlg==
=u/Kv
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list