nanog mailing list archives
Re: ddos attack blog
From: Mark Tinka <mark.tinka () seacom mu>
Date: Fri, 14 Feb 2014 10:10:37 +0200
On Friday, February 14, 2014 03:01:27 AM Jared Mauch wrote:
I would actually like to ask for those folks to un-block NTP so there is proper data on the number of hosts for those researching this. The right thing to do is reconfigure them. I've seen a good trend line in NTP servers being fixed, and hope we will see more of that in the next few weeks.
Depending on your OS, the fixes can be quite simple or interesting. On my FreeBSD servers, simply updating with "freebsd-update" was enough to fix the issue (in addition to limiting who/what can access the service). On Cisco devices, the ACL's you can attach to the NTP process are quite effective. On Juniper devices, it is less intuitive, and even though NTP is enabled only as a client, it, sadly, runs the server as well. A firewall filter helps here when applied correctly. Can't speak to other OS's. Mark.
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- ddos attack blog Cb B (Feb 13)
- Re: ddos attack blog Jared Mauch (Feb 13)
- Re: ddos attack blog Paul Ferguson (Feb 13)
- Re: ddos attack blog John (Feb 13)
- Re: ddos attack blog Jared Mauch (Feb 13)
- Re: ddos attack blog Mark Tinka (Feb 14)
- Re: ddos attack blog Wayne E Bouchard (Feb 14)
- Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Joe Provo (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Jeff Kell (Feb 14)
- Re: ddos attack blog Jared Mauch (Feb 13)
- Message not available
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Larry Sheldon (Feb 14)
- Re: Permitting spoofed traffic [Was: Re: ddos attack blog] Paul Ferguson (Feb 14)
- Re: ddos attack blog John (Feb 14)
- <Possible follow-ups>
- Re: ddos attack blog Hal Murray (Feb 14)
- Re: ddos attack blog joel jaeggli (Feb 14)