top of page

When time attacks

Earlier today we noted an attack that we haven't really observed all that often. Normally we would just ignore these because they typically don't cause impact but we noted a large influx of traffic from a single IP that was attempting to overload a third party with forged NTP request.

Starting on the 4th of December and still active as of today, 199[.]195[.]252[.]32 is actively utilizing NTP reflection attacks. The target of the attacks is not being disclosed at this time but we will mention that it's located in the middle east.

Jigsaw Security will continue to monitor this activity. We have not observed any outages in the middle east (in which we have significant infrastructure) where we monitor traffic.

You can research this type of attack here. This vulnerability is largely unpatched by most ISP's and is still relatively effective. A US based retailer is also being targeted which may interfere with holiday shopping.

4 views0 comments
bottom of page