Date: Tue, 14 Jan 2014 09:17:51 +0100 From: Cristiano Deana <cristiano.deana@gmail.com> To: Xin LI <d@delphij.net> Cc: freebsd-security@freebsd.org, Palle Girgensohn <girgen@freebsd.org> Subject: Re: NTP security hole CVE-2013-5211? Message-ID: <CAO82ECEc9FtxRF4kEH0CieqGMCkGrscp7pDb3KJ48w2rVipSvg@mail.gmail.com> In-Reply-To: <52D44173.1070007@delphij.net> References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <52D44173.1070007@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 13, 2014 at 8:41 PM, Xin Li <delphij@delphij.net> wrote: Hi Xin, Do you have packet captures? If the configuration I have suggested > didn't stop the attack, you may have a different issue than what we have > found. > Please, take a look here https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks I tried all other mitigation, with limits and all. Only the update worked for me. No, I don0t have any packet capture, and please don't ask for it... i already DoSsed some chinese host in november with 300Mbit of udp flood... > I think it's better to upgrade the version in base AND to write a security > advisory. I wish we could, but 4.2.7 is a moving target right now. > > Most Open Source projects does not provide support to their development > branch or snapshots, and it would be a headache in support prospective, > because once a FreeBSD release is released, we would support it for at > least 12 months (some releases are supported for 24 months or even more). > I understand, thank you. In the other case we have *potentially* a new system tha can be used for DoS out of the box. Thanks, Cris -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAO82ECEc9FtxRF4kEH0CieqGMCkGrscp7pDb3KJ48w2rVipSvg>