NTP security hole CVE-2013-5211?
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Mar 21 19:20:44 UTC 2014
In message <AD479A36-993D-442A-AA07-AB52D8198624 at FreeBSD.org>,
Remko Lodder <remko at FreeBSD.org> wrote:
>Reading the mails from this thread leads me to believe that there is no
>stateful firewall concept in place?
I am not the poster to whom you were responding (info at rit.lt), however
speaking only for myself I will confess that yes, in my case at least,
although I have used ipfw for many years, I have never (until now) found
any compelling need to either understand or make use of any of ipfw's
stateful capabilities.
>In my believing it is so that if you do not filter traffic, you are
>making a deliberate choice to let everyone smack your service(s).
I personally *do* most certainly filter traffic, and have done, since
I first connected *any* machine of mine to the Internet. I can assure
yoy that I never made any deliberate choice to let everyone smack me
around. Nontheless, that clearly did happen, eventually, when evil-doers
decided, relatively recently, to use & abuse me as an NTP reflector, but
my participation in this was not in any sense deliberate on my part, and
arose strictly out of ignorance, for which I am suitably humbled and
apologetic.
Regards,
rfg
More information about the freebsd-security
mailing list