[Outages-discussion] [outages] enough of this ntp bs.
Terrence
terrence.oconnor at gmail.com
Sat Mar 8 11:27:47 EST 2014
Sounds like you need some DDoS help. Let me know. ;)
We've been certainly seeing an uptick in the number and size of attacks lately. I am not sure why the last mile providers aren't blocking spoofed source addresses.
There really isn't a good mitigation strategy other than offloading the attacks to a scalable provider. Or having ISPs validate the source prior to forwarding the packet. You just can't mitigate 450Gbps attacks at origin infrastructure.
-
Terrence
Sent from my iPhone please excuse any errors.
> On Mar 8, 2014, at 11:10 AM, "Frank Bulk" <frnkblk at iname.com> wrote:
>
> If you’ve seen more than 300 Gbps you should blog about it. =) The largest documented to date is CloudFlare’s.
>
> Are your upstream providers blocking NTP packets larger than a certain size?
>
> Frank
>
> From: Bryan Socha [mailto:bryan at serverstack.com]
> Sent: Saturday, March 08, 2014 10:04 AM
> To: Frank Bulk
> Cc: outages-discussion at outages.org
> Subject: Re: [outages] enough of this ntp bs.
>
> It might sound like a joke but I've seen hundreds of gigs of attacks every morning. It'w all coming from home CPE devices and I think they need to start paying us for their incompetence. in 2014, why is this a problem!!?!???!?!?!!? it's time to be responsible.
>
> Bryan Socha
> Network Engineer
> 646.450.0472 | bryan at serverstack.com
>
> ServerStack | Scale Big
>
>
> On Sat, Mar 8, 2014 at 10:57 AM, Frank Bulk <frnkblk at iname.com> wrote:
> We’ve seen more DDoS attacks than normal, too, not just on ourselves, but on other networks where I have visibity. Funny that I saw an email in my inbox from Arbor Networks regarding an NTP DDoS webinar….
>
> Frank
>
> From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Bryan Socha
> Sent: Saturday, March 08, 2014 9:41 AM
> To: outages at outages.org
> Subject: [outages] enough of this ntp bs.
>
> all week long I'm seeing ntp attacks on provider ips on my router. Enough of this bs, it's time to stand up and block this BS....
>
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20140308/20be3120/attachment-0001.html>
More information about the Outages-discussion
mailing list