https://www.us-cert.gov/ncas/current-activity/2014/01/10/Network-Time-Protocol-NTP-Amplification-Attacks
https://www.us-cert.gov/ncas/alerts/TA14-013A Are you using maybe Unix for your NTP time services. Here is the ISC page writeup on what has been seen with this: https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300 Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: [email protected] [mailto:[email protected]] On Behalf Of Kelsey, John Sent: Monday, February 10, 2014 3:03 PM To: '[email protected]' Subject: [NTSysADM] NTP Attack Anyone? Looks like we're getting bombarded with an NTP attack. Over 250k hits in the last hour. Anybody else out there having similar issues today? We're dropping the traffic at our firewall, but its pretty much put our internet out of commission. :/ Thanks ************************************* John C. Kelsey DuBois Regional Medical Center *: 814.375.3073 * : 814.375.4005 *: [email protected]<mailto:[email protected]> ************************************* This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of Penn Highlands Healthcare or its affiliates.. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments.
<<inline: image001.jpg>>
