[AusNOG] NTP Reflection coming in over Equinix IX
Dobbins, Roland
rdobbins at arbor.net
Thu Feb 13 15:48:00 EST 2014
On Feb 13, 2014, at 11:37 AM, Sean K. Finn <sean.finn at ozservers.com.au> wrote:
> Does anyone have any mitigation stategies across the Equinix IX . (Apart from obvious, i.e. contacting the peer AS’s to asking them to nice mitigate at their end and pray, or droping prefix from Equinix completely.)
S/RTBH on your end; most ntp reflection/amplification attacks we see are comprised of ~5K - ~7K distinct sources, S/RTBH can handle millions of sources on modern hardware.
ACL on your end to block this traffic towards the target; be sure to include the fragments keyword in the ACL.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the AusNOG
mailing list