Author Topic: Computer security folks, legit threat or overblown? (Read 598 times)

Balog · « **on:** February 14, 2014, 08:47:01 PM »

http://threatpost.com/400-gbps-ntp-amplification-attack-alarmingly-simple/104256

I'd try to sum this up but I frankly didn't fully grok most of the technical stuff. Is this a legit new issue or just journos being journos?

Azrael256 · « **Reply #1 on:** February 15, 2014, 12:06:07 AM »

Meh. Legit-ish. DDoS attacks happened before this, and will happen after.

It's easy to disable the attack vector. It's not a data breach kind of issue, so.. Meh.

mtnbkr · « **Reply #2 on:** February 15, 2014, 08:08:33 AM »

Unfortunately, a lot of orgs used external NTP sources (rather than standing up their own NTP services in-house). Many of those DON'T pay attention to traffic on port 123 even when it is suspicious because "it's just NTP".

Chris

RevDisk · « **Reply #3 on:** February 15, 2014, 07:14:54 PM »

Old technique, legit issue. It would only take 50 lines of C to cripple a large section of the internet using DNS amplification attacks. But far from original.

Armed Polite Society

News:

Author Topic: Computer security folks, legit threat or overblown? (Read 598 times)

Balog

Computer security folks, legit threat or overblown?

Azrael256

Re: Computer security folks, legit threat or overblown?

mtnbkr

Re: Computer security folks, legit threat or overblown?

RevDisk

Re: Computer security folks, legit threat or overblown?