Global DNS and NTP amplification attacks

Dear customer

Recently there seems to be a significant increase of cyber-incidents. According to Cert, the federal cyber emergency team, the number of cyber-incidents in Belgium doubled in 2013 (https://www.cert.be/docs/number-cyber-incidents-belgium-doubled-2013).

More often cyber criminals use so-called amplification attacks that specifically abuse NTP (Network Time Protocol) and DNS (Domain Name Systems) servers: http://www.us-cert.gov/ncas/alerts/TA14-017A (for Belgium: https://www.cert.be/docs/dns-amplification-attacks-and-open-dns-resolvers). Cyber criminals search for vulnerable devices in a network which are used to initiate such attacks. We can confirm that we see a huge increase of such attacks on our network as well.

Edpnet has always been a provider reluctant to block ports on its network. But because of the increase of these attacks, we are now forced to start blocking certain protocols in order to protect the quality of our network, the internet and your surfing experience as a customer.

Therefore ports 53 (DNS) and 123 (NTP) will be blocked as from today. If you are using a fixed IP-address and you would like these ports to remain open, please contact us. We are able to make exceptions for fixed IP customers.

Do not hesitate to contact us on following number 03 265 67 00 if you should have questions left.

Customer-friendly regards
The edpnet helpdesk team

4 April 2014
Global DNS en NTP amplification attacks

Leave a Reply

Your email address will not be published / Required fields are marked *