NTP security hole CVE-2013-5211?
Cristiano Deana
cristiano.deana at gmail.com
Tue Jan 14 13:54:29 UTC 2014
On Tue, Jan 14, 2014 at 2:06 PM, Dag-Erling Smørgrav <des at des.no> wrote:
Hi,
> I tried several workaround with config and policy, and ended up you MUST
> > have 4.2.7 to stop these kind of attacks.
>
> Doesn't "restrict noquery" block monlist in 4.2.6?
I didn't try.
Following this document:
https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
"Currently the best available solution is to update to NTP 4.2.7p26 for
which the support of 'monlist' query has been removed in favor of new safe
'mrunlist' function which uses a nonce value ensuring that received IP
address match the actual requester"
I upgraded directly to net/ntp-devel, skipping net/ntp.
That has been published in first days of DDoS discovering, maybe now it's
more clear how the vuln works.
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
More information about the freebsd-security
mailing list