[TICTOC] Attackers use NTP reflection in huge DDoS attack
Yaakov Stein <yaakov_s@rad.com> Thu, 13 February 2014 07:42 UTC
Return-Path: <yaakov_s@rad.com>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B88311A0149 for <tictoc@ietfa.amsl.com>; Wed, 12 Feb 2014 23:42:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.136
X-Spam-Level:
X-Spam-Status: No, score=-2.136 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HOST_MISMATCH_COM=0.311, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6vMZyaCpHfS for <tictoc@ietfa.amsl.com>; Wed, 12 Feb 2014 23:42:04 -0800 (PST)
Received: from rad.co.il (mailrelay01-ib1.rad.com [94.188.133.165]) by ietfa.amsl.com (Postfix) with ESMTP id 02EC91A0148 for <tictoc@ietf.org>; Wed, 12 Feb 2014 23:42:03 -0800 (PST)
Received: from Internal Mail-Server by MailRelay01 (envelope-from yaakov?s@rad.com) with RC4-SHA encrypted SMTP; 13 Feb 2014 09:41:19 +0200
Received: from EXRAD6.ad.rad.co.il (2002:c072:18be::c072:18be) by exrad6.ad.rad.co.il (2002:c072:18be::c072:18be) with Microsoft SMTP Server (TLS) id 15.0.775.38; Thu, 13 Feb 2014 09:41:59 +0200
Received: from EXRAD6.ad.rad.co.il ([fe80::f157:6202:5fc8:a4f0]) by exrad6.ad.rad.co.il ([fe80::f157:6202:5fc8:a4f0%12]) with mapi id 15.00.0775.031; Thu, 13 Feb 2014 09:41:59 +0200
From: Yaakov Stein <yaakov_s@rad.com>
To: "ntpwg@lists.ntp.org" <ntpwg@lists.ntp.org>
Thread-Topic: Attackers use NTP reflection in huge DDoS attack
Thread-Index: Ac8ojxNGY0WxuJoMTiCAm/4Hg1+BDA==
Date: Thu, 13 Feb 2014 07:41:59 +0000
Message-ID: <f269255720f044ebb52f6db0b9309a31@exrad6.ad.rad.co.il>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2002:c073:f33e::c073:f33e]
Content-Type: multipart/alternative; boundary="_000_f269255720f044ebb52f6db0b9309a31exrad6adradcoil_"
MIME-Version: 1.0
X-Commtouch-Refid: str=0001.0A0C0203.52FC7748.00D2, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 (Unknown)
Cc: "tictoc@ietf.org" <tictoc@ietf.org>
Subject: [TICTOC] Attackers use NTP reflection in huge DDoS attack
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 07:42:06 -0000
Attackers abused insecure Network Time Protocol servers to launch what appears to be one of the largest DDoS attacks ever reported. See : http://www.computerworld.com/s/article/9246230/Attackers_use_NTP_reflection_in_huge_DDoS_attack http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hits-400-gbit-s-breaks-record/d/d-id/1113787 http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks Y(J)S
- [TICTOC] Attackers use NTP reflection in huge DDo… Yaakov Stein