[AusNOG] NTP Reflection coming in over Equinix IX
Mitchell Warden
wardenm at wardenm.net
Thu Feb 13 15:52:11 EST 2014
Can you get the source MAC address(s)? The ARP cache should then tell you which peers.
Cheers.
Mitchell
_____
From: Sean K. Finn [mailto:sean.finn at ozservers.com.au]
To: ausnog at lists.ausnog.net [mailto:ausnog at lists.ausnog.net]
Sent: Thu, 13 Feb 2014 15:37:21 +1100
Subject: [AusNOG] NTP Reflection coming in over Equinix IX
Hey All,
I never thought I’d see the day, we’re seeing local NTP Reflection attacks come in across Equinix peering!
Thankfully they are very small amounts of traffic but you can see the traffic jump percentage wise.
Does anyone have any mitigation stategies across the Equinix IX . (Apart from obvious, i.e. contacting the peer AS’s to asking them to nice mitigate at their end and pray, or droping prefix from Equinix completely.)
PS Anyone else on Equinix Syd if you’re smashing outbound on NTP please check J
This is the first time we’ve seen reflection attack across peering!
What I once considered safe harbour has now been compromised.
Kind Regards,
Sean Finn,
Oz Servers.
_____
Premium Australian Hosting Solution Specialists
_____
Sean Finn, BInfTech(NetSys)Qld.UT
Oz Servers
e: sean.finn at ozservers.com.au
w: http://www.ozservers.com.au
p: 1300 13 89 69
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140213/86146831/attachment.html>
More information about the AusNOG
mailing list