hi ya colin

On 12/30/15 at 09:04am, Colin Johnston wrote:
> Where does it say we need to contact home cert instead on your website ?

because [email protected] asked ?

> verification of what ?

i'd want to see if it's a simple port scan by a script kiddie vs
a more serious upcoming DOS attack from attackers with an "evil purpose"

they might just be poking around to find vulnerable ntpd servers ?

since there's been no satisfactory answer in 5 days, in the meantime,
i'd suggest:

- be sure ntpd is properly configured
- be sure to be running the latest ( no known exploits ) ntpd server
- ntpd servers should only be necessary for your servers ...
  and incoming connections from outside should never reach your ntpd
- use an alternative ntpd server/source on a different wire

> HSOFT ranges have been compromised by NTP reflection attacks

there's a difference between compromised vs port scanning ( probes )

- compromised... hsoft need to fix it ( upgrade and reconfigure ntpd )
- probes/scanners ... nothing much you can do other than limit
  your outgoing ( 123/udp) replies
- there's thousands of probes occurring constantly on various ports ...

> and the NTP servers hosted by HSOFT need to have a NTP update.

they better get going to update their ntpd and configs ...

i'd rattle hsoft's cage harder ... :-)

> This has been discussed on NANOG and I also sent information in Chinese to
> aid debug as well.
>
> Have had no response from HSOFT… :-)

i wonder what else is occupying their time

magic pixie dust
alvin
# DDoS-Simulator.net

> > From: "cncertcc" <[email protected]>
> > Subject: Re:Fwd: port 123 reflection attacks
> > Date: 30 December 2015 at 08:15:28 GMT
> > To: "Colin Johnston" <[email protected]>
> >
> > Greetings,
> > Please forward the case to the corresponding CERT you are located in first
> > to have it transferred to CNCERT after verification. Thanks for your
> > understanding.
...
> >>> From: Colin Johnston <[email protected]
> >>> <mailto:[email protected]>>
> >>> Subject: port 123 reflection attacks
> >>> Date: 25 December 2015 at 11:19:26 GMT
> >>> To: [email protected] <mailto:[email protected]>, [email protected]
> >>> <mailto:[email protected]>
> >>> Cc: Colin Johnston <[email protected] <mailto:[email protected]>>
> >>>
> >>> please stop the port 123 reflection attacks from 115.47.24.220

