NTP security hole CVE-2013-5211?
Xin Li
delphij at delphij.net
Sat Mar 15 17:18:03 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 3/15/14, 2:30 AM, Brett Glass wrote:
> At 11:34 PM 3/14/2014, Xin Li wrote:
>
>> I can't reproduce with fresh install. How did you tested it (or
>> what is missing in the default ntp.conf), can you elaborate?
>
> I have tested it under actual attack.
>
> Without the lines I mentioned in /etc/ntp.conf, the server will
> respond to monitor queries with rejection packets of the same size
> as the attack
Either it wouldn't or my test was wrong. My test was 'ntpdc -c
monlist' and tcpdump.
> packets. If the source addresses of the attack packets are spoofed,
> the attack is relayed.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJTJItIAAoJEJW2GBstM+nsSAAP/3L0Z+c+rd5HLDjtVZ2zvjMD
rziFxOUDgIqXv/Ph6vxPwgwYQhXWf6/I6Um/Upacb5AiVWffHyogkuBBGuxvGu1T
k2Vz0HzCY3HBMJvO/spQ2vbkfKYLuyrZtKJQMuB7B+wO7wdeKX2hAUDoHN4pKPTt
uul5B3cUwZmlAa8kyblWSJHf6bmINKjRZ+R+oKQpYwBBm0JaPWxZgKOCceHWrVTy
YhK+IcEtosq5Fw5QS17+J3Qh++evyjVtGP0CeanxLsH108aAPU4WJ6yfzynUQeeX
B3U8dviQXsT0XrH5U+ADoF0Y+ypUmyRNLtJShkgQhsqTME2iTOYZcotDj1Ads0Tm
kgogo21vTfYW5DT9BCqrDyhba2RVdGHrl9VytyLDws6lDbbFllG0J9nrvrh8O+Ow
8VSb/ENePAMuRlYGxsZ9kob436+/sBT4E7TIVuQM0DwVs6dR16tiVxTCdGnFKe1D
BYcwEYE9oGUeGXo/S6VMyO8qDtHGHIFomO8o8LXL6EB2dIUAoWlFZsre+HInDOkn
TlTaMcOmemS3ylwpoOoaggSV/6JV+k9ks41WHLy2UjEBHM+Ur9DsRgVhNY513Ouj
TuNEiBBwZOj3Y7bAOfKAOyKcKRVcY7CeYz1cq/VgLRbiw/pmHMu1TqRafKF0RHi7
Lhu+UUAIZMtHiDms52UZ
=xChL
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list