Fwd: port 123 reflection attacks

Colin Johnston colinj at gt86car.org.uk
Wed Dec 30 09:04:59 UTC 2015


Where does it say we need to contact home cert instead on your website ?
verification of what ?
HSOFT ranges have been compromised by NTP reflection attacks and the NTP servers hosted by HSOFT need to have a NTP update.

This has been discussed on NANOG and I also sent information in Chinese to aid debug as well.

Have had no response from HSOFT…

Colin


> Begin forwarded message:
> 
> From: "cncertcc" <cncert at cert.org.cn>
> Subject: Re:Fwd: port 123 reflection attacks
> Date: 30 December 2015 at 08:15:28 GMT
> To: "Colin Johnston" <colinj at gt86car.org.uk>
> 
> Greetings,
> Please forward the case to the corresponding CERT you are located in first to have it transferred to CNCERT after verification. Thanks for your understanding.
>  
>  
> 
> 
> 
> 
> ------------------
> 
> Thanks and Regards
> CNCERT/CC
> --------------------------------------------------------
> 国家互联网应急中心
> National Computer network Emergency Response technical Team / Coordination Center of China
> Tel:+8610-82991000 fax:+8610-82990375
> email: cncert at cert.org.cn website:www.cert.org.cn
> Address: A3 Yumin Road, Chaoyang District, Beijing,100029, China 
> --------------------------------------------------------
>  
>  
>  
> ------------------ Original ------------------
> From:  "Colin Johnston"<colinj at gt86car.org.uk>;
> Date:  Fri, Dec 25, 2015 07:31 PM
> To:  "cncertcc"<cncert at cert.org.cn>;
> Cc:  "Colin Johnston"<colinj at gt86car.org.uk>;
> Subject:  Fwd: port 123 reflection attacks
>  
> 
> 
>> Begin forwarded message:
>> 
>> From: Colin Johnston <colinj at gt86car.org.uk <mailto:colinj at gt86car.org.uk>>
>> Subject: Fwd: port 123 reflection attacks
>> Date: 25 December 2015 at 11:27:02 GMT
>> To: oversea-support at cnnic.cn <mailto:oversea-support at cnnic.cn>, bdservice at cnnic.cn <mailto:bdservice at cnnic.cn>
>> Cc: Colin Johnston <colinj at gt86car.org.uk <mailto:colinj at gt86car.org.uk>>
>> 
>> Can you investigate with priority please
>> 
>> Colin
>> 
>> 
>>> Begin forwarded message:
>>> 
>>> From: Colin Johnston <colinj at gt86car.org.uk <mailto:colinj at gt86car.org.uk>>
>>> Subject: port 123 reflection attacks
>>> Date: 25 December 2015 at 11:19:26 GMT
>>> To: 16036260 at qq.com <mailto:16036260 at qq.com>, ipas at cnnic.cn <mailto:ipas at cnnic.cn>
>>> Cc: Colin Johnston <colinj at gt86car.org.uk <mailto:colinj at gt86car.org.uk>>
>>> 
>>> please stop the port 123 reflection attacks from 115.47.24.220
>>> 
>>> Colin
>>> 
>> 
> 




More information about the NANOG mailing list