[AusNOG] NTP Reflection coming in over Equinix IX

Joshua D'Alton joshua at railgun.com.au
Thu Feb 13 16:22:28 EST 2014 

Seamus means
http://monitor.nsw.ix.asn.au/cacti/graph.php?local_graph_id=90&rra_id=all
(cloudflare's traffic) for the first link I think, copy paste fail :)


On Thu, Feb 13, 2014 at 4:15 PM, Seamus Ryan <s.ryan at uber.com.au> wrote:

>  It has also been happening over NSW-IX the last few days (targeting
> cloudflare J ).
>
>
>
> http://monitor.nsw.ix.asn.au/cacti/graph.php?local_graph_id=64&rra_id=all
>
>
> Not sure if they are NTP, but the "big" one on Tuesday appears to have
> sources like AARNET
>
>
>
> http://monitor.nsw.ix.asn.au/cacti/graph.php?local_graph_id=64&rra_id=all
>
>
>
> and Ultraserve:
>
>
>
> http://monitor.nsw.ix.asn.au/cacti/graph.php?local_graph_id=257&rra_id=all
>
>
>
> (large spikes line up with cloudflare's graph)
>
>
>
> -          Seamus
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Sean
> K. Finn
> *Sent:* Thursday, 13 February 2014 3:37 PM
>
> *To:* ausnog at lists.ausnog.net
> *Subject:* [AusNOG] NTP Reflection coming in over Equinix IX
>
>
>
> Hey All,
>
>
>
> I never thought I'd see the day, we're seeing local NTP Reflection attacks
> come in across Equinix peering!
>
>
>
> Thankfully they are very small amounts of traffic but you can see the
> traffic jump percentage wise.
>
>
>
>
>
>
>
> Does anyone have any mitigation stategies across the Equinix IX . (Apart
> from obvious, i.e. contacting the peer AS's to asking them to nice mitigate
> at their end and pray, or droping prefix from Equinix completely.)
>
>
>
> PS Anyone else on Equinix Syd if you're smashing outbound on NTP please
> check J
>
>
>
>
>
> This is the first time we've seen reflection attack across peering!
>
>
>
> What I once considered safe harbour has now been compromised.
>
>
>
> Kind Regards,
>
> Sean Finn,
>
> Oz Servers.
>
>
>
>
>  ------------------------------
>
> Premium Australian Hosting Solution Specialists
>  ------------------------------
>
> *Sean Finn, *BInfTech(NetSys)Qld.UT
>
> *Oz Servers*
> e: sean.finn at ozservers.com.au
> *w: http://www.ozservers.com.au <http://www.ozservers.com.au/>*
> *p: 1300 13 89 69*
>
>
>
>
>
> [image: ozlogo]
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140213/799330fe/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2556 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140213/799330fe/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 23838 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140213/799330fe/attachment.png>

More information about the AusNOG mailing list