On Feb 13, 2014, at 12:06 PM, Cb B <cb.li...@gmail.com> wrote: > Good write up, includes name and shame for AT&T Wireless, IIJ, OVH, > DTAG and others > > http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack > > Standard plug for http://openntpproject.org/ and > http://openresolverproject.org/ and bcp38 , please fix/help. > > For those of you paying attention to the outage list, this is a pretty > big deal that has had daily ramification for some very big networks > https://puck.nether.net/pipermail/outages/2014-February/date.html > > In general, i think UDP is doomed to be blocked and rate limited -- > tragedy of the commons. But, it would be nice if folks would just fix > the root of the issue so the rest of us don't have go there...
While I'm behind some of the inventory projects (so you can go ahead and fix.. let me know if you need/want the URLs to see data for your networks)... I must provide credit to those behind the "Amplification Hell" talk at NDSS. If you are at all interested in what is going on, you should attend or review the content. http://www.internetsociety.org/ndss2014/programme BCP-38 on your customers is going to be critical to prevent the abuse reaching your network. Please ask your vendors for it, and ask for your providers to filter your network to prevent you originating this abuse. If you operate hosted VMs, servers, etc.. please make sure those netblocks are secured as well. You can easily check your network (As can the bad guys!) here: http://spoofer.cmand.org/ - Jared
