Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 14 Mar 2014 21:43:37 -0600
From:      Brett Glass <brett@lariat.org>
To:        d@delphij.net, Fabian Wenk <fabian@wenks.ch>, freebsd-security@freebsd.org
Cc:        Ollivier Robert <roberto@freebsd.org>, hackers@lists.ntp.org
Subject:   Re: NTP security hole CVE-2013-5211?
Message-ID:  <201403150343.VAA27172@mail.lariat.net>
In-Reply-To: <5323AF47.9080107@delphij.net>
References:  <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <86d2jud85v.fsf@nine.des.no> <52D7A944.70604@wenks.ch> <201403141700.LAA21140@mail.lariat.net> <5323AF47.9080107@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 07:39 PM 3/14/2014, Xin Li wrote:
 
>FreeBSD 10.0-RELEASE ships with new default NTP settings, are you
>talking an earlier RC (before RC4 as r259975), or are you saying
>10.0-RELEASE ships with a ntp.conf with wrong defaults?

The latter. The ntp.conf shipped with 10.0-RELEASE still allows
relaying of attacks, even with an ntpd that is patched to prevent
amplification.

>We sure can do this as a new advisory but it's not guaranteed to work
>because end user may have to do manual merge and may choose not to
>accept these.

True. Perhaps, if freebsd-update finds that ntp.conf is not the
default that was shipped with the release, a warning should be given that 
a manual merge is needed.

>Note that like I stated before, for attackers it would be efficient to
>just deliver the packets themselves, 

Attackers have an interest in obfuscating the sources of attacks, since
this makes them more difficult to block. We have several patched servers 
which malicious parties are attempting to use as relays even though they
cannot use them to amplify the volume of data sent. Once we altered
ntp.conf, we were able to put a stop to this.

--Brett Glass

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403150343.VAA27172>