On 02/10/2014 08:49 AM, Brian Rak wrote: > Your servers both look okay. What did the email say?
This is the email that came in this weekend. Not sure when it supposedly occurred though. > > Dear Admin, The following IP address, 65.182.224.39, which is located > on your network has been actively exploited to launch launch a > distributed denial of service attack against one or more IP addresses > in the ranges of 108.170.21.34/29, and/or 184.164.158.160/29. The > attack was detected as NTP Amplification, and the CVE on the exploited > vulnerability can be found here: > http://www.cvedetails.com/cve/CVE-2013-5211/. Please patch, or notify > your customer to patch this vulnerability to help make the internet a > better place for us all. If you require any other information, such as > TCP Dump logs from the attack, please contact me at [email protected] > THIS EMAIL IS NOT ACTIVELY MONITORED, DO NOT REPLY TO THIS EMAIL!!. -- Scott Baker - Canby Telcom System Administrator - RHCE - 503.266.8253 _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
