Sounds like everyone here got off easy.
http://www.securityweek.com/cloudflare-infrastructure-hit-400gbs-ntp-based-ddos-attack?utm_source=dlvr.it&utm_medium=twitter

________________________________________
From: [email protected] [[email protected]] on behalf of Joe Matuscak [[email protected]]
Sent: Monday, February 10, 2014 4:51 PM
To: [email protected]
Subject: Re: [NTSysADM] NTP Attack Anyone?

In the case of NTP, you can circumvent the attack by changing the ntp.conf file to add the "noquery" option, something like:

restrict default kod nomodify notrap nopeer noquery

This kills the ability to do management queries to the server, so you may want to add something to allow your internal systems to do the queries, like...

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer

after the first "restrict" line.

----- Original Message -----
> On Mon, Feb 10, 2014 at 12:02 PM, Kelsey, John <[email protected]> wrote:
> > Looks like we’re getting bombarded with an NTP attack. Over 250k hits in
> > the last hour. Anybody else out there having similar issues today? We’re
> > dropping the traffic at our firewall, but it's pretty much put our internet
> > out of commission. :/
>
> We suffered this last weekend. I had Friday off, and heard about
> Internet slowness from users on Monday. I identified the issue by
> doing a quick tcpdump on the external interface of our firewall, and
> configured a rule to drop all inbound NTP requests. I got an email
> from our ISP in the next hour from their abuse desk, and was able to
> reply that I had fixed the problem.
>
> US Cert has issued a more generic warning regarding UDP amplification
> attacks, including NTP, DNS, NBNS and SNMPv2, among others:
> https://www.us-cert.gov/ncas/alerts/TA14-017A
>
> You can talk with your ISP about blocking these UDP protocols inbound
> somewhere upstream, if you don't need them.
>
> Kurt
>

--
Thanks,
Joe Matuscak | Director of Technology
Rohrer Corporation | Office: 330-335-1541
717 Seville Road | Wadsworth, Ohio 44281
www.rohrer.com | A Better Package
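Added example, not part of the original thread or written by any of its posters: a small audit of the "restrict" lines in an ntp.conf, reporting whether management queries are still open to everyone and which addresses are explicitly allowed to query. The sample configs are constructed, the function names are hypothetical, and treating a config with no "restrict default" line as unrestricted is an assumption about the ntpd build in use.

```python
import ipaddress

# Constructed sample ntp.conf contents (not taken from any poster's server).
WEAK_CONF = """\
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
"""
HARDENED_CONF = """\
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
restrict 127.0.0.1
"""

def parse_restrict(conf_text):
    """Return (target, flags) per restrict line; target is 'default', a network, or a name."""
    rules = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        target, rest = args[0], args[1:]
        if target != "default":
            mask = None
            if len(rest) >= 2 and rest[0] == "mask":
                mask, rest = rest[1], rest[2:]
            try:
                spec = f"{target}/{mask}" if mask else target
                target = ipaddress.ip_network(spec, strict=False)
            except ValueError:
                pass                               # hostname or keyword: keep as text
        rules.append((target, set(rest)))
    return rules

def audit(conf_text):
    """Summarise who may send management queries under these restrict lines."""
    rules = parse_restrict(conf_text)
    blocks = lambda flags: bool(flags & {"noquery", "ignore"})
    defaults = [f for t, f in rules if t == "default"]
    # Assumption: with no "restrict default" line, ntpd applies no restrictions.
    world_open = not defaults or not all(blocks(f) for f in defaults)
    allowed = [str(t) for t, f in rules if t != "default" and not blocks(f)]
    return {"world_can_query": world_open, "query_allowed_from": allowed}

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```
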

