Last updated: 
4 months 5 days ago
Blog Manager
We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

Limiting ntp traffic on Janet

Friday, February 21, 2014 - 14:10

The increasing frequency, number and size of ntp based DDoS attacks against Janet connected organisations has at times briefly degraded connectivity to sections of the network. Whilst we are able to react to these attacks as and when they occur, the impact upon our customers can be significant. This situation is far from unique to Janet - ISPs globally are struggling with this issue.

To protect our infrastructure, early next week we plan to implement traffic policing on ntp traffic at entry points to Janet. This will ensure that only a certain volume of ntp traffic will be able to enter the network at one time, limiting the maximum size of any attack. This will likely result in some legitimate ntp traffic being blocked but is preferable to the outright blocking of all ntp traffic. These blocks will be placed on our interfaces to our transit providers and peers. We will carefully monitor the situation to ensure as little disruption as possible.

If you have any questions, please do not hesitate to contact CSIRT or the Janet service desk.