Date: Sat, 15 Mar 2014 10:18:00 -0700 From: Xin Li <delphij@delphij.net> To: Brett Glass <brett@lariat.org>, d@delphij.net, Fabian Wenk <fabian@wenks.ch>, freebsd-security@freebsd.org Cc: Ollivier Robert <roberto@freebsd.org>, hackers@lists.ntp.org Subject: Re: NTP security hole CVE-2013-5211? Message-ID: <53248B48.5040108@delphij.net> In-Reply-To: <201403150931.DAA29130@mail.lariat.net> References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <86d2jud85v.fsf@nine.des.no> <52D7A944.70604@wenks.ch> <201403141700.LAA21140@mail.lariat.net> <5323AF47.9080107@delphij.net> <201403150343.VAA27172@mail.lariat.net> <5323E670.5020905@delphij.net> <201403150931.DAA29130@mail.lariat.net>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 3/15/14, 2:30 AM, Brett Glass wrote: > At 11:34 PM 3/14/2014, Xin Li wrote: > >> I can't reproduce with fresh install. How did you tested it (or >> what is missing in the default ntp.conf), can you elaborate? > > I have tested it under actual attack. > > Without the lines I mentioned in /etc/ntp.conf, the server will > respond to monitor queries with rejection packets of the same size > as the attack Either it wouldn't or my test was wrong. My test was 'ntpdc -c monlist' and tcpdump. > packets. If the source addresses of the attack packets are spoofed, > the attack is relayed. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTJItIAAoJEJW2GBstM+nsSAAP/3L0Z+c+rd5HLDjtVZ2zvjMD rziFxOUDgIqXv/Ph6vxPwgwYQhXWf6/I6Um/Upacb5AiVWffHyogkuBBGuxvGu1T k2Vz0HzCY3HBMJvO/spQ2vbkfKYLuyrZtKJQMuB7B+wO7wdeKX2hAUDoHN4pKPTt uul5B3cUwZmlAa8kyblWSJHf6bmINKjRZ+R+oKQpYwBBm0JaPWxZgKOCceHWrVTy YhK+IcEtosq5Fw5QS17+J3Qh++evyjVtGP0CeanxLsH108aAPU4WJ6yfzynUQeeX B3U8dviQXsT0XrH5U+ADoF0Y+ypUmyRNLtJShkgQhsqTME2iTOYZcotDj1Ads0Tm kgogo21vTfYW5DT9BCqrDyhba2RVdGHrl9VytyLDws6lDbbFllG0J9nrvrh8O+Ow 8VSb/ENePAMuRlYGxsZ9kob436+/sBT4E7TIVuQM0DwVs6dR16tiVxTCdGnFKe1D BYcwEYE9oGUeGXo/S6VMyO8qDtHGHIFomO8o8LXL6EB2dIUAoWlFZsre+HInDOkn TlTaMcOmemS3ylwpoOoaggSV/6JV+k9ks41WHLy2UjEBHM+Ur9DsRgVhNY513Ouj TuNEiBBwZOj3Y7bAOfKAOyKcKRVcY7CeYz1cq/VgLRbiw/pmHMu1TqRafKF0RHi7 Lhu+UUAIZMtHiDms52UZ =xChL -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53248B48.5040108>