[outages] Internap Being DDoS'd

Chris Vervais cvervais at mac.com
Wed Feb 12 13:36:10 EST 2014 

It’s the other way around though isn’t it? If your NTP servers are vulnerable then you’re assisting in the attack as your NTP servers are being used to attack the victim. 

Though I imagine that if your NTP servers were being used you’d bee seeing a large spike in your outbound UDP traffic.

On Feb 12, 2014, at 10:33 AM, Bryan Inks <Binks at keyinfo.com> wrote:

> Good info, I’ll definitely be looking into this.
> 
> But, I’m not being directly attacked. Internap is one of my upstreams, and they are the one that reported that they were being attacked when we called to let them know about the problem.
>  
> From: Bill Wichers [mailto:billw at waveform.net] 
> Sent: Wednesday, February 12, 2014 10:27 AM
> To: Jared Mauch; Bryan Inks
> Cc: outages at outages.org
> Subject: RE: [outages] Internap Being DDoS'd
>  
> To second Jared on this one, we’ve seen a HUGE increase in NTP-based attacks over the past several weeks with our colo customers. It’s very efficient too – even a pretty low end machine can saturate a 100M link. It reminds me of SQL slammer…
>  
> If you haven’t yet checked that you’re safe from this you should. See:
>  
> https://www.us-cert.gov/ncas/alerts/TA14-013A
> and
> https://www.us-cert.gov/ncas/alerts/TA14-017A
>  
> for more info…
>  
>   -Bill
>  
> From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Jared Mauch
> Sent: Wednesday, February 12, 2014 1:21 PM
> To: Bryan Inks
> Cc: outages at outages.org
> Subject: Re: [outages] Internap Being DDoS'd
>  
> Close your NTP amplifiers and prevent the spoofing.. Will solve this one. 
>  
> Openntpproject.org can help you. 
> 
> Jared Mauch
> 
> On Feb 12, 2014, at 12:45 PM, "Bryan  Inks" <Binks at keyinfo.com> wrote:
> 
> Just got confirmation from Internap NOC that they are being attacked again.
>  
> Causing quite a bit of chaos for my network in SoCal.
> 
> I’m having to route over to Level3 to minimize the issue.
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20140212/4c783f1a/attachment.htm>

More information about the Outages mailing list