[AusNOG] Stopping unwanted random NTP traffic

Andrew Tschudi andrewtschudi at gmail.com
Wed Apr 16 09:48:52 EST 2014


James thanks for the information on NTP attacks very interesting
informative. With your free DDoS protection can you protect a remote
network which is single homed and how do you get around the issue of our
uplink connection being saturated.


Andrew


On Tue, Apr 15, 2014 at 5:21 PM, James Braunegg <james.braunegg at micron21.com
> wrote:

> Dear All
>
>
>
> Thanks for the great feedback and comments. Our team has been having lots
> of fun helping Australian networks mitigate DDoS attacks over the last few
> months. In fact - in case you did not know - AusNOG members (everyone
> reading this) has access to our services for free via a trial period. If
> you’re interested please let me know. Furthermore, I'll be presenting all
> the results and information specifically with reference to DDoS attacks
> within Australia at AusNOG this year in September.
>
>
>
> I’ve also written a small blog article on NTP attacks which can be found
> here: http://www.micron21.com/ddos-ntp.php which explains some ways we to
> provide protection against inbound requests towards your network.  This
> information has been co-compiled by Roland Dobbins and me.
>
>
>
> Kindest Regards
>
>
>
>
>
>
> *James Braunegg**P:*  1300 769 972  |  *M:*  0488 997 207 |  *D:*  (03)
> 9751 7616
>
> *E:*   james.braunegg at micron21.com  |  *ABN:*  12 109 977 666
> *W:*  www.micron21.com/ddos-protection   *T:* @micron21
>
>
>
>
> [image: Description: Description: Description: Description: M21.jpg]
> This message is intended for the addressee named above. It may contain
> privileged or confidential information. If you are not the intended
> recipient of this message you must not use, copy, distribute or disclose it
> to anyone other than the addressee. If you have received this message in
> error please return the message to the sender by replying to it and then
> delete the message from your computer.
>
>
>
>
>
>
>
> -----Original Message-----
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark
> Tees
> Sent: Tuesday, April 15, 2014 4:16 PM
> To: John Wooler
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] Stopping unwanted random NTP traffic
>
>
>
> +1 For Micron21. Service works as advertised and their staff have been
> very helpful in every aspect. Bonus points for getting access to the attack
> monitoring platform and flow data interface.
>
>
>
> On 15 Apr 2014, at 4:00 pm, John Wooler <john.wooler at exigent.com.au>
> wrote:
>
>
>
> > Hi Andrew
>
> >
>
> > My personal recommendation and professional recommendation would
> honestly be Micron21 (based in Melbourne).
>
> >
>
> > Over the past month or 2 we have been using them for DDoS protection on
> our network in Melbourne, Brisbane & Sydney over the Megaport VCX service
> and by far these guys have hit the nail on the coffin when it comes to this
> sort of network protection.  We’ve actually seen a number of DDoS attacks
> coming in on NTP ourselves, DNS attacks, random attacks on port 80 etc and
> these guys mitigate any type of attack when it comes to this type of stuff.
>
> >
>
> > There’s a few good points to list
>
> > -          All traffic stays here in Australia so no re-routing traffic
> to America or elsewhere around the globe….  This helps with not having to
> add latency for your end clients to experience & complain about.
>
> > -          Once an attack starts, they’re quick on the ball to detect it
> and alert you of the attack + monitor it as well.
>
> > -          They have the capacity to handle large attacks.
>
> > -          They own the equipment and have in-house certified engineers
> who know what they’re doing and always willing to help out in anyway.
>
> >
>
> > We’re using them and we’re going to continue using them for a very long
> time to come (probably forever to be real honest) and I couldn’t recommend
> them enough.
>
> >
>
> > Check out their DDoS site as well.
>
> > http://www.micron21.com/ddos-protection.php
>
> >
>
> >
>
> > Kindest Regards,
>
> >
>
> > John Wooler
>
> > Exigent Enterprise
>
> >
>
> > From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> Andrew Tschudi
>
> > Sent: Tuesday, 15 April 2014 2:09 PM
>
> > To: ausnog at ausnog.net
>
> > Subject: [AusNOG] Stopping unwanted random NTP traffic
>
> >
>
> > We have been receiving unwanted inbound NTP traffic towards multiple
> different servers within our network. This has been creating days of pain
> and after liaising with our upstream provider it turns out that they have
> no BGP communities. Had they had BGP Communities, this would then allow me
> to block the traffic from reaching my routers, which are continuously being
> flooded. I figure, it’s now time for me to attempt to source some external
> help.
>
> >
>
> > Can anyone on provide any recommendations for sourcing professional
> services that would be trusted in advising the best way to protect and
> secure our network?
>
> >
>
> > Andrew
>
> > _______________________________________________
>
> > AusNOG mailing list
>
> > AusNOG at lists.ausnog.net
>
> > http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
>
> AusNOG mailing list
>
> AusNOG at lists.ausnog.net
>
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140416/932a5a33/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140416/932a5a33/attachment.jpg>


More information about the AusNOG mailing list