<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hey All,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I never thought I’d see the day, we’re seeing local NTP Reflection attacks come in across Equinix peering!<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thankfully they are very small amounts of traffic but you can see the traffic jump percentage wise.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><img width=596 height=210 id="Picture_x0020_1" src="cid:image001.png@01CF28C9.B58F03E0"><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Does anyone have any mitigation stategies across the Equinix IX . (Apart from obvious, i.e. contacting the peer AS’s to asking them to nice mitigate at their end and pray, or droping prefix from Equinix completely.)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>PS Anyone else on Equinix Syd if you’re smashing outbound on NTP please check </span><span lang=EN-AU style='font-family:Wingdings'>J</span><span lang=EN-AU><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>This is the first time we’ve seen reflection attack across peering!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>What I once considered safe harbour has now been compromised.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU>Kind Regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Sean Finn,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU>Oz Servers.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-AU><o:p> </o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span lang=EN-AU style='font-size:12.0pt;font-family:"Times New Roman","serif"'><hr size=1 width="100%" noshade style='color:#D0D3DD' align=center></span></div><p class=MsoNormal align=center style='text-align:center'><span lang=EN-AU style='font-size:9.0pt;font-family:"Tahoma","sans-serif";color:silver'>Premium Australian Hosting Solution Specialists</span><span lang=EN-AU style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><div class=MsoNormal align=center style='text-align:center'><span lang=EN-AU style='font-size:12.0pt;font-family:"Times New Roman","serif"'><hr size=1 width="100%" noshade style='color:#D0D3DD' align=center></span></div><table class=MsoNormalTable border=0 cellpadding=0 width="96%" style='width:96.9%'><tr><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Sean Finn, </span></b><span style='font-size:7.0pt;font-family:"Tahoma","sans-serif"'>BInfTech(NetSys)Qld.UT</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Oz Servers</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>e: <a href="mailto:sean.finn@ozservers.com.au"><span style='color:blue'>sean.finn@ozservers.com.au</span></a><br><b>w: <a href="http://www.ozservers.com.au/" title="http://www.ozservers.com.au/"><span style='color:blue'>http://www.ozservers.com.au</span></a></b><br><b>p: 1300 13 89 69</b></span><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></td><td style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=right style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><img border=0 width=140 height=70 id="Picture_x005f_x005f_x005f_x0020_2" src="cid:image002.gif@01CF28C9.B58F03E0" alt=ozlogo></span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p></div></body></html>