ddos attack blog

Jared Mauch jared at puck.nether.net
Thu Feb 13 17:17:10 UTC 2014


On Feb 13, 2014, at 12:06 PM, Cb B <cb.list6 at gmail.com> wrote:

> Good write up, includes name and shame for AT&T Wireless, IIJ, OVH,
> DTAG and others
> 
> http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack
> 
> Standard plug for http://openntpproject.org/ and
> http://openresolverproject.org/ and bcp38 , please fix/help.
> 
> For those of you paying attention to the outage list, this is a pretty
> big deal that has had daily ramification for some very big networks
> https://puck.nether.net/pipermail/outages/2014-February/date.html
> 
> In general, i think UDP is doomed to be blocked and rate limited --
> tragedy of the commons.  But, it would be nice if folks would just fix
> the root of the issue so the rest of us don't have go there...

While I'm behind some of the inventory projects (so you can go ahead and fix.. let me know
if you need/want the URLs to see data for your networks)...

I must provide credit to those behind the "Amplification Hell" talk at NDSS.  If you
are at all interested in what is going on, you should attend or review the content.

http://www.internetsociety.org/ndss2014/programme

BCP-38 on your customers is going to be critical to prevent the abuse reaching your
network.  Please ask your vendors for it, and ask for your providers to filter your
network to prevent you originating this abuse.

If you operate hosted VMs, servers, etc.. please make sure those netblocks are
secured as well.

You can easily check your network (As can the bad guys!) here:

http://spoofer.cmand.org/

- Jared


More information about the NANOG mailing list