ntp

2 April 2014 at 11:35am

Update on filtering of large ntp packets

James Davis
ntp
filtering
DDOS
infosec
CSIRT
We continue to monitor the effect of the filtering of large ntp packets (> 128 bytes) at the Janet borders. Where people have had concerns we've been working with them to make sure that their work is impacted as little as possible by this measure. The filtering has had a large reduction on the impact to Janet infrastructure but the current filtering limits still allow enough traffic through the Janet border to cause disruption for customers with 100Mb/s, or busy 1Gb/s, connections.
Read more
21 February 2014 at 2:10pm

Limiting ntp traffic on Janet

James Davis
CSIRT
block
ntp
DDOS
The increasing frequency, number and size of ntp based DDoS attacks against Janet connected organisations has at times briefly degraded connectivity to sections of the network. Whilst we are able to react to these attacks as and when they occur, the impact upon our customers can be significant. This situation is far from unique to Janet - ISPs globally are struggling with this issue.
Read more

Seven steps to secure ntp servers from DDoS attacks

James Davis
Thursday, February 13, 2014 - 15:36
ntp
DDOS
DoS
reflection
infosec
Network time protocol (ntp) servers are regularly being used to reflect and amplify spoofed UDP packets towards the target of a DDoS attack. Attacks are growing in size and frequency and sometimes even cause issues for the organisations hosting the reflectors. Servers offering the 'monlist' command are particularly troublesome and can provide a huge amplification affect.
Read more
Subscribe to ntp