[169123] in North American Network Operators' Group

Re: ddos attack blog

daemon@ATHENA.MIT.EDU (Mark Tinka)
Fri Feb 14 03:11:25 2014

From: Mark Tinka <mark.tinka@seacom.mu>
To: nanog@nanog.org
Date: Fri, 14 Feb 2014 10:10:37 +0200
In-Reply-To: <D5A7B3A4-3C3D-4ED6-8B19-5BE45250CC07@puck.nether.net>
Reply-To: mark.tinka@seacom.mu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Friday, February 14, 2014 03:01:27 AM Jared Mauch wrote:

> I would actually like to ask for those folks to un-block
> NTP so there is proper data on the number of hosts for
> those researching this.  The right thing to do is
> reconfigure them.  I've seen a good trend line in NTP
> servers being fixed, and hope we will see more of that
> in the next few weeks.

Depending on your OS, the fixes can be quite simple or
interesting.

On my FreeBSD servers, simply updating with "freebsd-update"
was enough to fix the issue (in addition to limiting
who/what can access the service).

On Cisco devices, the ACLs you can attach to the NTP
process are quite effective.

On Juniper devices, it is less intuitive, and even though
NTP is enabled only as a client, it, sadly, runs the server
as well. A firewall filter helps here when applied
correctly.

Can't speak to other OSes.

Mark.
