[nsp-sec] NTP Amps

Krista Hickey Krista.Hickey at cogeco.com
Tue Apr 14 17:36:34 EDT 2015


[Apologies if this is a duplicate email]

Hi All

Between approx April 13, 00:20 EST and April 14, 03:30 EST we've had a variety of fairly sizeable (up to 60Gbps) NTP amplification attacks on three separate customers and in one case the attackers, fairly rapidly, followed the customer through four IP changes. The attacks were not sustained over the entire ~26 hours but I counted at least 14 unique attacks > 10Gbps over that time frame.

I can't find any obvious connection between the customers, but it does not appear to be typical gaming-type attacks, and what's notable is that the attackers/service used pretty much the same ~400 NTP amplifiers for all the attacks. Due to my delay in posting the list, I removed the ~100 IPs that are no longer responding to the NTP amp queries; apologies if I missed any.

Appreciate any efforts to remediate these vulnerable NTP hosts, as the attacker seems to be using them quite efficiently to generate fairly sizeable attacks, which is becoming a bit annoying. Feel free to share details as required for remediation, but please no attribution to me, my organization or the group here.

Thanks
Krista
7992



-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntp_amps.sorted
Type: application/octet-stream
Size: 34278 bytes
Desc: ntp_amps.sorted
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20150414/4704cc81/attachment.obj>

