[186723] in North American Network Operators' Group
Fwd: port 123 reflection attacks
daemon@ATHENA.MIT.EDU (Colin Johnston)
Wed Dec 30 04:05:10 2015
X-Original-To: nanog@nanog.org
From: Colin Johnston <colinj@gt86car.org.uk>
Date: Wed, 30 Dec 2015 09:04:59 +0000
To: NANOG <nanog@nanog.org>,
cncert@cert.org.cn
Errors-To: nanog-bounces@nanog.org
Where does it say we need to contact home cert instead on your website ?
verification of what ?
HSOFT ranges have been compromised by NTP reflection attacks and the NTP =
servers hosted by HSOFT need to have a NTP update.
This has been discussed on NANOG and I also sent information in Chinese =
to aid debug as well.
Have had no response from HSOFT=E2=80=A6
Colin
> Begin forwarded message:
>=20
> From: "cncertcc" <cncert@cert.org.cn>
> Subject: Re:Fwd: port 123 reflection attacks
> Date: 30 December 2015 at 08:15:28 GMT
> To: "Colin Johnston" <colinj@gt86car.org.uk>
>=20
> Greetings,
> Please forward the case to the corresponding CERT you are located in =
first to have it transferred to CNCERT after verification. Thanks for =
your understanding.
> =20
> =20
>=20
>=20
>=20
>=20
> ------------------
>=20
> Thanks and Regards
> CNCERT/CC
> --------------------------------------------------------
> =E5=9B=BD=E5=AE=B6=E4=BA=92=E8=81=94=E7=BD=91=E5=BA=94=E6=80=A5=E4=B8=AD=
=E5=BF=83
> National Computer network Emergency Response technical Team / =
Coordination Center of China
> Tel:+8610-82991000 fax:+8610-82990375
> email: cncert@cert.org.cn website:www.cert.org.cn
> Address: A3 Yumin Road, Chaoyang District, Beijing,100029, China=20
> --------------------------------------------------------
> =20
> =20
> =20
> ------------------ Original ------------------
> From: "Colin Johnston"<colinj@gt86car.org.uk>;
> Date: Fri, Dec 25, 2015 07:31 PM
> To: "cncertcc"<cncert@cert.org.cn>;
> Cc: "Colin Johnston"<colinj@gt86car.org.uk>;
> Subject: Fwd: port 123 reflection attacks
> =20
>=20
>=20
>> Begin forwarded message:
>>=20
>> From: Colin Johnston <colinj@gt86car.org.uk =
<mailto:colinj@gt86car.org.uk>>
>> Subject: Fwd: port 123 reflection attacks
>> Date: 25 December 2015 at 11:27:02 GMT
>> To: oversea-support@cnnic.cn <mailto:oversea-support@cnnic.cn>, =
bdservice@cnnic.cn <mailto:bdservice@cnnic.cn>
>> Cc: Colin Johnston <colinj@gt86car.org.uk =
<mailto:colinj@gt86car.org.uk>>
>>=20
>> Can you investigate with priority please
>>=20
>> Colin
>>=20
>>=20
>>> Begin forwarded message:
>>>=20
>>> From: Colin Johnston <colinj@gt86car.org.uk =
<mailto:colinj@gt86car.org.uk>>
>>> Subject: port 123 reflection attacks
>>> Date: 25 December 2015 at 11:19:26 GMT
>>> To: 16036260@qq.com <mailto:16036260@qq.com>, ipas@cnnic.cn =
<mailto:ipas@cnnic.cn>
>>> Cc: Colin Johnston <colinj@gt86car.org.uk =
<mailto:colinj@gt86car.org.uk>>
>>>=20
>>> please stop the port 123 reflection attacks from 115.47.24.220
>>>=20
>>> Colin
>>>=20
>>=20
>=20
