On Tue, Feb 18, 2014 at 04:53:44AM +0200, Mark Tinka wrote:
> On Tuesday, February 18, 2014 04:29:31 AM Aaron wrote:
>
> > My gosh! NTP ddos attacks are coming like crazy lately.
> > Y'all getting hit ?
> >
> > I'm going to need to setup a bgp injection thingy with my
> > upstream providers to signal a /32 for my victim(s) in
> > my network so I can selective blackhole traffic in the
> > cloud prior to it hitting my internet links..... this is
> > getting really bad
>
> It's been an issue since early last month.
>
> Be sure to have ACL's for your NTP sessions from your
> routers/switches/AP's/e.t.c., as well as patched
> NTP/filtered servers to eliminate attack surfaces.

BTW, our attempts to filter NTP on 6500s running 15.1(1)SY1 and
15.1(2)SY1 IOS code have been unsuccessful due to bug CSCuj66318:

--------------------
"After applying an NTP access-group to deny inbound NTP queries, a
device still responds to NTP queries as if the ACL was not
configured."
--------------------

The bugID states that it only affects 15.2 code, but it also affects
15.1. This also affects 15.1 code on 4500s and 15.2 code on 3560s.

Bug severity set by Cisco to "Severity: 3 Moderate"

Cisco definition for Moderate severity level:

--------------------
"Things fail under unusual circumstances, or minor features do not
work at all, or things fail but there is a low-impact workaround.
This is the highest level for documentation bugs."
--------------------

-Charles

Charles E. Spurgeon
University of Texas at Austin / ITS Networking
[email protected] / 512.475.9265
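
Added example (not part of Charles's post, and not Cisco code): a small check for whether a device still answers NTP after an access-group has been applied, which is the symptom described for CSCuj66318. It sends one ordinary client (mode 3) time request per host and only tests that kind of request; it assumes you run it against your own devices, named on the command line, from a source address the ACL is supposed to deny.

```python
import socket
import struct
import sys

NTP_PORT = 123

def build_client_request(version=3):
    """48-byte NTP client request: LI=0, VN=version, Mode=3 (client), rest zero."""
    return struct.pack("!B47x", (version << 3) | 3)

def parse_header(data):
    """Return (leap, version, mode, stratum), or None if shorter than an NTP header."""
    if len(data) < 48:
        return None
    first, stratum = struct.unpack("!BB", data[:2])
    return (first >> 6, (first >> 3) & 0x7, first & 0x7, stratum)

def classify(reply):
    """Interpret a probe result: None means nothing came back before the timeout."""
    if reply is None:
        return "no-reply"        # filtered, or NTP not running on the device
    hdr = parse_header(reply)
    if hdr is None or hdr[2] != 4:
        return "unexpected"      # something answered, but not an NTP server reply
    return "answered"            # device served time to a source the ACL should deny

def probe(host, timeout=2.0, port=NTP_PORT):
    """Send one client request to host and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_client_request(), (host, port))
            data, _ = s.recvfrom(512)
        except (socket.timeout, ConnectionError):
            data = None
    return classify(data)

if __name__ == "__main__":
    # Hosts come from the command line; none are hard-coded (assumption: your own devices).
    for target in sys.argv[1:]:
        print(f"{target}: {probe(target)}")
```

An "answered" result from a source the access-group should deny means the ACL is not being enforced on that device.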
