NTP security hole CVE-2013-5211?
Cristiano Deana
cristiano.deana at gmail.com
Tue Jan 14 08:17:55 UTC 2014
On Mon, Jan 13, 2014 at 8:41 PM, Xin Li <delphij at delphij.net> wrote:
Hi Xin,
Do you have packet captures? If the configuration I have suggested
> didn't stop the attack, you may have a different issue than what we have
> found.
>
Please, take a look here
https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
I tried all other mitigation, with limits and all. Only the update worked
for me.
No, I don0t have any packet capture, and please don't ask for it... i
already DoSsed some chinese host in november with 300Mbit of udp flood...
> I think it's better to upgrade the version in base AND to write a security
> advisory.
I wish we could, but 4.2.7 is a moving target right now.
>
> Most Open Source projects does not provide support to their development
> branch or snapshots, and it would be a headache in support prospective,
> because once a FreeBSD release is released, we would support it for at
> least 12 months (some releases are supported for 24 months or even more).
>
I understand, thank you. In the other case we have *potentially* a new
system tha can be used for DoS out of the box.
Thanks,
Cris
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
More information about the freebsd-security
mailing list