Date:      Tue, 14 Jan 2014 14:54:27 +0100
From:      Cristiano Deana <cristiano.deana@gmail.com>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        freebsd-security@freebsd.org, Palle Girgensohn <girgen@freebsd.org>, Xin LI <d@delphij.net>
Subject:   Re: NTP security hole CVE-2013-5211?
Message-ID:  <CAO82ECHEqOp1vFQ5im8gUOrmVqVCYnv2Tc8tPgZG0uftzjQs_w@mail.gmail.com>
In-Reply-To: <86d2jud85v.fsf@nine.des.no>
References:  <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <86d2jud85v.fsf@nine.des.no>

On Tue, Jan 14, 2014 at 2:06 PM, Dag-Erling Sm=F8rgrav <des@des.no> wrote:

Hi,

> > I tried several workarounds with config and policy, and ended up you MUST
> > have 4.2.7 to stop this kind of attack.
>
> Doesn't "restrict noquery" block monlist in 4.2.6?


I didn't try.
Following this document:

https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks

"Currently the best available solution is to update to NTP 4.2.7p26 for
which the support of 'monlist' query has been removed in favor of new safe
'mrunlist' function which uses a nonce value ensuring that received IP
address match the actual requester"

I upgraded directly to net/ntp-devel, skipping net/ntp.

That was published in the first days after the DDoS was discovered; maybe now
it's clearer how the vuln works.


-- 
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
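The question in this thread is whether a 4.2.6-era ntpd can be kept off the monlist amplification list without moving to the 4.2.7 development branch. The two config-level mitigations are the ones named above: `restrict ... noquery` (which makes ntpd ignore all ntpq/ntpdc queries, mode 6 and mode 7 alike, from the matching source) and `disable monitor` (which switches off the monitor table that monlist reads from). The script below is an added example, not code from the thread or from the ntp project: it checks an ntp.conf for those two settings, and it sends one MON_GETLIST_1 probe so you can confirm from outside whether a server still answers. The mode 7 wire format (0x17 0x00 0x03 0x2a + four zero bytes for the request; err/nitems and item-size words followed by 72-byte `info_monitor_1` records in the reply) is taken from ntp's `ntp_request.h`, the `restrict`/`disable` keywords from the ntp.conf man page; the sample reply and the two configs are constructed inline for illustration.

```python
"""Added example (not from the thread or from ntp): detect whether an ntpd still
answers mode 7 'monlist' (CVE-2013-5211), by probing the host or by inspecting
ntp.conf for 'restrict ... noquery' / 'disable monitor'.

Wire-format assumptions (from ntp_request.h, not from the mailing-list page):
  request : rm_vn_mode=0x17 (response 0, more 0, version 2, mode 7),
            auth/seq=0, implementation=3 (XNTPD), reqcode=42 (MON_GETLIST_1),
            then err|nitems=0 and mbz|itemsize=0            -> 8 bytes total
  reply   : same header with the response bit (0x80) set, then
            err(4 bits)|nitems(12 bits), mbz(4 bits)|itemsize(12 bits),
            followed by nitems records whose first fields are the u32s
            avg_int, last_int, restr, count, addr (big-endian)
"""
import socket
import struct
import sys
from typing import Optional

MONLIST_REQUEST = bytes([0x17, 0x00, 0x03, 0x2A, 0x00, 0x00, 0x00, 0x00])


def parse_mode7_reply(data: bytes) -> dict:
    """Parse one mode 7 reply packet into its header fields and client records."""
    if len(data) < 8:
        raise ValueError("short mode 7 header")
    rm_vn_mode, _auth_seq, impl, reqcode, err_nitems, mbz_size = struct.unpack(
        "!BBBBHH", data[:8])
    if rm_vn_mode & 0x07 != 7 or not rm_vn_mode & 0x80:
        raise ValueError("not a mode 7 response")
    nitems, item_size = err_nitems & 0x0FFF, mbz_size & 0x0FFF
    items = []
    for i in range(nitems):
        rec = data[8 + i * item_size: 8 + (i + 1) * item_size]
        if len(rec) < 20:            # truncated datagram: keep the full records only
            break
        _avg, _last, _restr, count, addr = struct.unpack("!IIII4s", rec[:20])
        items.append({"addr": socket.inet_ntoa(addr), "count": count})
    return {"impl": impl, "reqcode": reqcode, "err": err_nitems >> 12,
            "more": bool(rm_vn_mode & 0x40), "nitems": nitems,
            "item_size": item_size, "items": items}


def classify(reply: Optional[dict]) -> str:
    """Verdict from the first reply packet; later 'more' packets add nothing."""
    if reply is None:
        return "no reply (dropped by noquery or a firewall)"
    if reply["err"] == 0:
        return "exposed (monlist answered, %d entries in first packet)" % reply["nitems"]
    return "not exposed (ntpd returned error %d)" % reply["err"]


def probe_monlist(host: str, port: int = 123, timeout: float = 2.0) -> Optional[dict]:
    """Send one MON_GETLIST_1 request to host and parse the first reply, if any."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(MONLIST_REQUEST, (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_mode7_reply(data)


def ntp_conf_exposes_monlist(conf: str) -> bool:
    """True unless every 'restrict [-4|-6] default' line carries noquery, or
    'disable monitor' is set.  A single default line without noquery counts as
    exposed, since the other address family would still answer."""
    default_has_noquery = []
    monitor_disabled = False
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "restrict":
            args = [a for a in tok[1:] if a not in ("-4", "-6")]
            if args and args[0] == "default":
                default_has_noquery.append("noquery" in args[1:])
        elif tok[0] == "disable" and "monitor" in tok[1:]:
            monitor_disabled = True
    noquery_everywhere = bool(default_has_noquery) and all(default_has_noquery)
    return not (noquery_everywhere or monitor_disabled)


# Constructed sample reply (not a capture): header + two 72-byte info_monitor_1 records.
def _record(addr: str, count: int) -> bytes:
    return struct.pack("!IIII4s", 60, 5, 0, count, socket.inet_aton(addr)) + b"\x00" * 52


SAMPLE_EXPOSED_REPLY = (struct.pack("!BBBBHH", 0x97, 0x00, 0x03, 0x2A, 2, 72)
                        + _record("192.0.2.10", 1234) + _record("198.51.100.7", 9))

# Constructed ntp.conf fragments: the weak one answers queries from anywhere.
WEAK_CONF = """\
server 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer   # ntpq/ntpdc queries still answered
"""
HARDENED_CONF = """\
server 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1      # keep local ntpq/ntpdc working
restrict -6 ::1
disable monitor         # no monitor table, so nothing for monlist to return
"""

if __name__ == "__main__":
    print("weak conf exposed:", ntp_conf_exposes_monlist(WEAK_CONF))
    print("hardened conf exposed:", ntp_conf_exposes_monlist(HARDENED_CONF))
    print("sample reply:", classify(parse_mode7_reply(SAMPLE_EXPOSED_REPLY)))
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", classify(probe_monlist(sys.argv[1])))
```

Only probe hosts you administer: the request is the same 8-byte datagram the amplification attacks use. Note that `noquery` on the default restriction also silences your own ntpq/ntpdc, which is why the hardened fragment adds `restrict 127.0.0.1` and `restrict -6 ::1`; a server that is merely "no reply" to the probe may be filtered upstream rather than fixed, so check the config as well.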


