We have a CASA C2200 CMTS, and it has recently been used for an NTP reflection attack. I am trying to figure out how I can block requests coming in from the Internet for NTP, but could not figure out a good way of doing this. Did anybody figure this out?
Thanks,
Gent
Add a rule to drop inbound UDP port 123 on your WAN interface. If the attack is originating on the DOCSIS interface, you need to accept UDP port 123 from HFC IP addresses and drop them from all others.
Leo
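
The rule order described in the reply above can be checked offline before it is translated into the CMTS's own ACL syntax. The following is an added example, not part of the original thread and not CASA configuration; the interface labels `wan` and `docsis`, the HFC prefix, and all sample packets are assumptions made up for illustration.

```python
import ipaddress

# Assumed HFC range for illustration (a documentation prefix, not a real network).
HFC_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
NTP_PORT = 123


def ntp_verdict(in_iface, proto, dst_port, src_ip):
    """Return the verdict for a packet addressed to the CMTS itself."""
    if proto != "udp" or dst_port != NTP_PORT:
        return "no-match"  # not NTP: left to whatever other rules exist
    # Rule 1: NTP arriving on the WAN side is dropped by interface,
    # regardless of the source address the packet claims.
    if in_iface == "wan":
        return "drop"
    # Rule 2: on the DOCSIS side, only sources inside the HFC ranges are accepted.
    if in_iface == "docsis":
        src = ipaddress.ip_address(src_ip)
        if any(src in net for net in HFC_PREFIXES):
            return "accept"
    # Rule 3: every other packet to UDP/123 is dropped.
    return "drop"


# Constructed sample packets: (ingress interface, protocol, dst port, source IP)
SAMPLE_PACKETS = [
    ("wan", "udp", 123, "203.0.113.9"),       # Internet host querying NTP
    ("wan", "udp", 123, "198.51.100.20"),     # WAN packet claiming an HFC source
    ("docsis", "udp", 123, "198.51.100.20"),  # legitimate HFC-side source
    ("docsis", "udp", 123, "192.0.2.77"),     # DOCSIS-side source outside HFC range
    ("wan", "udp", 53, "203.0.113.9"),        # non-NTP traffic, not covered here
]


def evaluate(packets=SAMPLE_PACKETS):
    """Run every sample packet through the rules and return the verdicts in order."""
    return [ntp_verdict(*pkt) for pkt in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, evaluate()):
        print(pkt, "->", verdict)
```

The second sample packet is the case to watch: if the WAN drop were written as a source-address match instead of an interface match, a packet with a forged HFC source arriving from the Internet would be accepted.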