From: Info / RIT.lt
To: Brett Glass, Micheas Herman, "freebsd-security@freebsd.org"
Subject: RE: NTP security hole CVE-2013-5211?
Date: Fri, 21 Mar 2014 10:41:41 +0000

Dear FreeBSD users, my first experience with FreeBSD was 14 years ago, but due to hardware problems I chose Linux.
After working with Linux for 14 years, I decided to give a shot to FreeBSD again. After setting up a FreeBSD server with jails, I became a victim of a DDoS which was launched from my dedicated server. Investigation led to the NTP server; this misconfiguration left with default settings shocked me. Please fix this configuration bug.

A firewall is for filtering traffic, but not for hiding buggy configs.

Regards,
Mindaugas Bubelis
________________________________________
From: owner-freebsd-security@freebsd.org on behalf of Brett Glass
Sent: Friday, March 21, 2014 6:44 AM
To: Micheas Herman; freebsd-security@freebsd.org
Subject: Re: NTP security hole CVE-2013-5211?

At 10:38 PM 3/20/2014, Micheas Herman wrote:

>While true, that does mean that amplification attacks are limited to being
>able to attack those ten machines.

The amplifier/relay is also a victim, and can be completely disabled by the attack
if its link to the Net becomes saturated.

--Brett Glass