Re: [outages] Internap Being DDoS'd

Wed, 12 Feb 2014 10:38:46 -0800 

On 02/12/2014 11:33 AM, Bryan Inks wrote:


Good info, I'll definitely be looking into this.


But, I'm not being directly attacked. Internap is one of my upstreams, 
and they are the one that reported that they were being attacked when 
we called to let them know about the problem.


*From:*Bill Wichers [mailto:[email protected]]
*Sent:* Wednesday, February 12, 2014 10:27 AM
*To:* Jared Mauch; Bryan Inks
*Cc:* [email protected]
*Subject:* RE: [outages] Internap Being DDoS'd


To second Jared on this one, we've seen a HUGE increase in NTP-based 
attacks over the past several weeks with our colo customers. It's very 
efficient too -- even a pretty low end machine can saturate a 100M 
link. It reminds me of SQL slammer...


If you haven't yet checked that you're safe from this you should. See:

https://www.us-cert.gov/ncas/alerts/TA14-013A

and

https://www.us-cert.gov/ncas/alerts/TA14-017A

for more info...



And some info on how to mitigate it so you are not a reflector.

http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

--John


  -Bill


*From:*Outages [mailto:[email protected]] *On Behalf Of 
*Jared Mauch

*Sent:* Wednesday, February 12, 2014 1:21 PM
*To:* Bryan Inks
*Cc:* [email protected] <mailto:[email protected]>
*Subject:* Re: [outages] Internap Being DDoS'd

Close your NTP amplifiers and prevent the spoofing.. Will solve this one.

Openntpproject.org <http://Openntpproject.org> can help you.

Jared Mauch



On Feb 12, 2014, at 12:45 PM, "Bryan  Inks" <[email protected] 
<mailto:[email protected]>> wrote:


    Just got confirmation from Internap NOC that they are being
    attacked again.

    Causing quite a bit of chaos for my network in SoCal.

    I'm having to route over to Level3 to minimize the issue.

    _______________________________________________
    Outages mailing list
    [email protected] <mailto:[email protected]>
    https://puck.nether.net/mailman/listinfo/outages



_______________________________________________
Outages mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/outages



_______________________________________________
Outages mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/outages






















					Reply via email to