From owner-freebsd-security@FreeBSD.ORG Tue Jan 14 14:06:04 2014
Subject: Re: NTP security hole CVE-2013-5211?
From: Ferdinand Goldmann
Date: Tue, 14 Jan 2014 15:00:27 +0100
Message-Id: <97DABA91-0F6E-4109-992D-A3ADFE799018@jku.at>
In-Reply-To: <86d2jud85v.fsf@nine.des.no>
References: <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <86d2jud85v.fsf@nine.des.no>
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, Xin LI, Palle Girgensohn

On 14.01.2014, at 14:06, Dag-Erling Smørgrav wrote:

> Cristiano Deana writes:
>> I tried several workarounds with config and policy, and ended up you MUST
>> have 4.2.7 to stop these kind of attacks.
>
> Doesn't "restrict noquery" block monlist in 4.2.6?

I think it should be possible to block it using:

    disable monitor

seems to work for me.

Best Regards,
Ferdinand Goldmann

-- 
>> Ferdinand Goldmann
>> Johannes Kepler University Linz - Information Management
>> Mail: Ferdinand.Goldmann@jku.at Phone: 00437024683925 Fax: 00437024689397
>> A lack of planning on your part doesn't constitute an emergency on my part.
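
Added example, not part of the original message or of ntpd: a small audit that reports whether an ntp.conf carries either of the two settings discussed in this thread ("disable monitor" and "noquery" on the default restrict entries). The function name, result keys and both sample configurations are constructed for illustration; it only reports what the file says and does not judge which setting is sufficient on a given ntpd version.

```python
def audit_ntp_conf(text):
    """Report the monlist-related settings from this thread found in ntp.conf text."""
    saw_disable = saw_enable = False
    default_lines = []   # (line number, flags) for each "restrict default" entry
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].lower().split()   # drop comments
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword == "disable" and "monitor" in args:
            saw_disable = True          # also matches "disable auth monitor"
        elif keyword == "enable" and "monitor" in args:
            saw_enable = True
        elif keyword == "restrict":
            if args and args[0] in ("-4", "-6"):   # optional address-family flag
                args = args[1:]
            if args and args[0] == "default":
                default_lines.append((lineno, args[1:]))
    # "ignore" drops every packet, so it covers queries as well as "noquery" does.
    open_defaults = [n for n, flags in default_lines
                     if "noquery" not in flags and "ignore" not in flags]
    return {
        # An explicit "enable monitor" is flagged as a conflict instead of
        # guessing which of the two lines ntpd will honour.
        "disable_monitor": saw_disable and not saw_enable,
        "monitor_conflict": saw_disable and saw_enable,
        "default_noquery": bool(default_lines) and not open_defaults,
        "default_lines_without_noquery": open_defaults,
    }

# Constructed sample configurations (not taken from the thread).
WEAK = """\
server 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
"""
HARDENED = """\
server 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor   # the setting suggested in the reply above
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf))
```
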