What should be reported to management if there is a 20% increase in UDP port 123 packets?

A 20% increase in UDP port 123 packets indicates a significant rise in Network Time Protocol (NTP) traffic, which can be a sign of an NTP client-side attack. NTP is commonly used for synchronizing clocks over the internet, but it can also be exploited for malicious activities such as DDoS amplification attacks.

When there is an abnormal increase in this type of traffic, it is crucial to investigate further as it may signify that certain hosts are being targeted or exploited. Reporting this to management is essential to ensure that appropriate measures are taken to secure the network and investigate the potential threat. Recognizing unusual patterns of network traffic, such as the increase in UDP port 123 packets, is a critical aspect of network security monitoring, and it warrants further scrutiny to ensure the integrity and security of the system.