[nsp-sec] ACK NTP reflection attacks

Matthew.Swaar at us-cert.gov Matthew.Swaar at us-cert.gov
Thu Jan 9 21:05:52 EST 2014


ACK for ~245 IPs under:

16 Lawrence Berkeley National Labs
24 AMES National Aeronautics and Space Administration
41 AMES National Aeronautics and Space Administration
43 BNL-AS - Brookhaven National Laboratory
49 ICST-AS - National Bureau of Standards
50 ORNL-MSRNET - Oak Ridge National Laboratory
68 LANL-INET-AS - Los Alamos National Laboratory
70 NLM-GW - National Library of Medicine
145 VBNS - MCI Communications Corporation
291 ESNET-EAST - ESnet
297 NISN-SIP-AS - National Aeronautics and Space Administration
701 UUNET - MCI Communications Services, Inc. d/b/a Verizon Business
1239 AS1239 SprintLink Global Network
1316 LERC-AS-AS - National Aeronautics and Space Administration
1701 EOSDIS-V0 - National Aeronautics and Space Administration
1749 NASA-GSFC-AS - National Aeronautics and Space Administration
2143 NSN-FFIX-W - National Aeronautics and Space Administration
2648 NIST-BOULDER - NIST/U.S. Dept. of Commerce
2936 NERSC - National Energy Research Scientific Computing Center
3152 FNAL-AS - Fermi National Accelerator Laboratory (Fermilab)
3356 LEVEL3 Level 3 Communications
3428 ESNET-AS - ESnet
4152 USDA-1 - USDA
4185 ATTIS-ASN4185 - AT&T Internet Services
4511 MIAMI-EDU - University of Miami
5663 EDCNET - US Geological Survey
5774 USPS-001 - United States Postal Service
6629 NOAA-AS - NOAA
6966 USDOS - U.S. Department of State
7018 ATT-INTERNET4 - AT&T Services, Inc.
7046 RFC2270-UUNET-CUSTOMER - MCI Communications Services, Inc. d/b/a Verizon Business
7764 CENSUSBUREAU - U. S. Bureau of the Census
11956 NOAA-NWN - NOAA / PMEL
11985 ASN-SSA - Social Security Administration
13611 CDC - U.S. Center For Disease Control and Prevention
15130 USDOJ-GOV - United States Department of Justice
26020 STSCI-NET - Space Telescope Science Institute
26100 NOAA-PACIFIC-REGION-CENTER - National Oceanic and Atmospheric Administration
32878 NWS-CR - National Weather Service

(I'm not acking for *ALL* of 145, or 701, etc., just the entities that I
have a responsibility to.)  I'm also acking for some IPs (192.5.16.0/24)
that were listed under "4601 PAGESAT - Network Wizards" that I think may
actually be Los Alamos.

Thanks very much, Jared!


V/R,
Matt Swaar
US-CERT Analyst

-----Original Message-----
From: nsp-security [mailto:nsp-security-bounces at puck.nether.net] On
Behalf Of Jared Mauch
Sent: Wednesday, January 08, 2014 2:39 PM
To: Wentworth, Brett
Cc: nsp-security at puck.nether.net
Subject: Re: [nsp-sec] NTP reflection attacks

----------- nsp-security Confidential --------

On Thu, Jan 02, 2014 at 04:22:44PM +0000, Wentworth, Brett wrote:
> ----------- nsp-security Confidential --------
> 
> We are seeing a spike.  Anyone else?

Sure.

http://openntpproject/ntp-worst-cymru.txt is available for your
remediation action.
The website will be searchable soon, perhaps with the data from
tomorrow's scan.

- Jared

-- 
Jared Mauch | +1 313 506 4307 * AS2914


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security community. Confidentiality is essential for effective
Internet security counter-measures.
_______________________________________________



