[AusNOG] NTP reflection used for world's largest DDoS

Joseph Goldman joe at apcs.com.au
Wed Feb 12 15:25:41 EST 2014


My ESX servers seemed to have NTP open by default too.

On 12/02/14 15:15, Nathan Brookfield wrote:
>
> We've had some customers boxes through UECOMM IP transit compromised 
> this morning, only small links but they're certainly going hard.  A 
> few clients run Zimbra which is VMWare's mail server and it appears to 
> have NTP open by default.
>
> *From:*AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of 
> *Joshua D'Alton
> *Sent:* Wednesday, 12 February 2014 3:03 PM
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] NTP reflection used for world's largest DDoS
>
> And looks like another one is running, level3 seems totally decimated 
> at the moment, 100ms+ on usual routes.
>
> On Tue, Feb 11, 2014 at 2:51 PM, Daniel Watson <daniel at glovine.com.au 
> <mailto:daniel at glovine.com.au>> wrote:
>
> http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes-us-europe.aspx
>
> What is the world coming too.
>
> D.
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140212/038db50c/attachment.html>


More information about the AusNOG mailing list