<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Thanks, Sean and Bill, for the helpful links. The cloudflare.com
article offers a link to SANS's ISC site with a very simple tip:
just add "disable monitor" to your /etc/ntp.conf file. This works
even with ntp-4.2.2p1 on RHEL 5, and is way easier than figuring
if/how I can update to 4.2.7, or if Team Cymru's highly locked-down
config for simple NTP clients will work OK for a 3 peer stratum 2
config like what I'm using.<br>
<br>
Gilles<br>
<br>
<div class="moz-cite-prefix">On 13/02/2014 11:29 PM, Sean Walberg
wrote:<br>
</div>
<blockquote
cite="mid:CAMi1z0BiTX_kAm-_YtA4jQ7j7358OJgCUE7Y_BQhgz2zyjxrbw@mail.gmail.com"
type="cite">
<div dir="ltr">Some more technical details: <a
moz-do-not-send="true"
href="http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack">http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack</a>
<div>
<br>
</div>
<div>There's a comment at the bottom to the effect of "there's
an even worse problem hiding in SNMP"</div>
<div><br>
</div>
<div>Sean</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
On Wed, Feb 12, 2014 at 5:57 PM, Bill Reid <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:billreid@shaw.ca"
target="_blank">billreid@shaw.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Here is an article on the attack.<br>
<br>
<a moz-do-not-send="true"
href="http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hits-400-gbit-s-breaks-record/d/d-id/1113787"
target="_blank">http://www.informationweek.com/security/attacks-and-breaches/ddos-attack-hits-400-gbit-s-breaks-record/d/d-id/1113787</a><br>
<br>
On 12/02/14 08:17, John Lange wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Does anyone know of a public site which documents the
traffic associated with<br>
the recent NTP DDOS attacks?<br>
<br>
I'm trying to see if the attacks correlate to some packet
loss we are seeing.<br>
<br>
--<br>
John Lange<br>
<br>
<br>
<br>
_______________________________________________<br>
Roundtable mailing list<br>
<a moz-do-not-send="true"
href="mailto:Roundtable@muug.mb.ca" target="_blank">Roundtable@muug.mb.ca</a><br>
<a moz-do-not-send="true"
href="http://www.muug.mb.ca/mailman/listinfo/roundtable"
target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
<br>
</blockquote>
_______________________________________________<br>
Roundtable mailing list<br>
<a moz-do-not-send="true"
href="mailto:Roundtable@muug.mb.ca" target="_blank">Roundtable@muug.mb.ca</a><br>
<a moz-do-not-send="true"
href="http://www.muug.mb.ca/mailman/listinfo/roundtable"
target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Sean Walberg <<a moz-do-not-send="true"
href="mailto:sean@ertw.com" target="_blank">sean@ertw.com</a>>
<a moz-do-not-send="true" href="http://ertw.com/"
target="_blank">http://ertw.com/</a>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Roundtable mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a>
<a class="moz-txt-link-freetext" href="http://www.muug.mb.ca/mailman/listinfo/roundtable">http://www.muug.mb.ca/mailman/listinfo/roundtable</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Gilles R. Detillieux E-mail: <a class="moz-txt-link-rfc2396E" href="mailto:grdetil@scrc.umanitoba.ca"><grdetil@scrc.umanitoba.ca></a>
Spinal Cord Research Centre WWW: <a class="moz-txt-link-freetext" href="http://www.scrc.umanitoba.ca/">http://www.scrc.umanitoba.ca/</a>
Dept. Physiology, U. of Manitoba Winnipeg, MB R3E 0J9 (Canada)
</pre>
</body>
</html>