<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/12/2014 11:33 AM, Bryan Inks
wrote:<br>
</div>
<blockquote
cite="mid:sig.01203e33c3.37A81A8AFEA76C4C974E4EF7E92C1D18590C8C3A@GEMINI1"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Good info, I’ll
definitely be looking into this.<br>
<br>
But, I’m not being directly attacked. Internap is one of my
upstreams, and they are the one that reported that they were
being attacked when we called to let them know about the
problem.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Bill Wichers [<a class="moz-txt-link-freetext" href="mailto:billw@waveform.net">mailto:billw@waveform.net</a>]
<br>
<b>Sent:</b> Wednesday, February 12, 2014 10:27 AM<br>
<b>To:</b> Jared Mauch; Bryan Inks<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:outages@outages.org">outages@outages.org</a><br>
<b>Subject:</b> RE: [outages] Internap Being DDoS'd<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">To second Jared
on this one, we’ve seen a HUGE increase in NTP-based attacks
over the past several weeks with our colo customers. It’s
very efficient too – even a pretty low end machine can
saturate a 100M link. It reminds me of SQL slammer…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If you haven’t
yet checked that you’re safe from this you should. See:<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://www.us-cert.gov/ncas/alerts/TA14-013A">https://www.us-cert.gov/ncas/alerts/TA14-013A</a><o:p></o:p></p>
<p class="MsoNormal">and<o:p></o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://www.us-cert.gov/ncas/alerts/TA14-017A">https://www.us-cert.gov/ncas/alerts/TA14-017A</a><span
style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">for more info…</span></p>
</div>
</blockquote>
<br>
And some info on how to mitigate it so you are not a reflector.<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html">http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html</a><br>
<br>
--John <br>
<br>
<blockquote
cite="mid:sig.01203e33c3.37A81A8AFEA76C4C974E4EF7E92C1D18590C8C3A@GEMINI1"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> -Bill<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Outages [<a moz-do-not-send="true"
href="mailto:outages-bounces@outages.org">mailto:outages-bounces@outages.org</a>]
<b>On Behalf Of </b>Jared Mauch<br>
<b>Sent:</b> Wednesday, February 12, 2014 1:21 PM<br>
<b>To:</b> Bryan Inks<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:outages@outages.org">outages@outages.org</a><br>
<b>Subject:</b> Re: [outages] Internap Being DDoS'd<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Close your NTP amplifiers and prevent
the spoofing.. Will solve this one. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://Openntpproject.org">Openntpproject.org</a>
can help you. <br>
<br>
Jared Mauch<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Feb 12, 2014, at 12:45 PM, "Bryan Inks" <<a
moz-do-not-send="true" href="mailto:Binks@keyinfo.com">Binks@keyinfo.com</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Just got confirmation from Internap
NOC that they are being attacked again.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Causing quite a bit of chaos for my
network in SoCal.<br>
<br>
I’m having to route over to Level3 to minimize the
issue.<o:p></o:p></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"">_______________________________________________<br>
Outages mailing list<br>
<a moz-do-not-send="true"
href="mailto:Outages@outages.org">Outages@outages.org</a><br>
<a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a><o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Outages mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Outages@outages.org">Outages@outages.org</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/outages">https://puck.nether.net/mailman/listinfo/outages</a>
</pre>
</blockquote>
<br>
</body>
</html>