From owner-freebsd-security@FreeBSD.ORG  Fri Mar 21 10:41:52 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A7547748
 for <freebsd-security@freebsd.org>; Fri, 21 Mar 2014 10:41:52 +0000 (UTC)
Received: from emea01-db3-obe.outbound.protection.outlook.com
 (mail-db3lp0078.outbound.protection.outlook.com [213.199.154.78])
 (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 13A29855
 for <freebsd-security@freebsd.org>; Fri, 21 Mar 2014 10:41:51 +0000 (UTC)
Received: from DBXPR06MB318.eurprd06.prod.outlook.com (10.141.11.143) by
 DBXPR06MB320.eurprd06.prod.outlook.com (10.141.11.148) with Microsoft SMTP
 Server (TLS) id 15.0.898.11; Fri, 21 Mar 2014 10:41:42 +0000
Received: from DBXPR06MB318.eurprd06.prod.outlook.com ([10.141.11.143]) by
 DBXPR06MB318.eurprd06.prod.outlook.com ([10.141.11.143]) with mapi id
 15.00.0898.005; Fri, 21 Mar 2014 10:41:41 +0000
From: Info / RIT.lt <info@rit.lt>
To: Brett Glass <brett@lariat.org>, Micheas Herman <m@micheas.net>,
 "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: RE: NTP security hole CVE-2013-5211?
Thread-Topic: NTP security hole CVE-2013-5211?
Thread-Index: AQHPRLzx0AtnaDAcB0K/rmYpZWvx2Jrq9XeAgAABh3mAAGLHFA==
Date: Fri, 21 Mar 2014 10:41:41 +0000
Message-ID: <bf87380c6cba4318aefb740a2f2ae69e@DBXPR06MB318.eurprd06.prod.outlook.com>
References: <201403210421.WAA05406@mail.lariat.net>
 <CAJw6ijkqBTzcD-WyOQtiU3=R2W8fZjKR=qo5AW9836fOkyNudQ@mail.gmail.com>,
 <201403210444.WAA05541@mail.lariat.net>
In-Reply-To: <201403210444.WAA05541@mail.lariat.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [87.247.103.146]
x-forefront-prvs: 0157DEB61B
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10019001)(6009001)(428001)(189002)(199002)(24454002)(479174003)(377454003)(74706001)(74316001)(95416001)(95666003)(74366001)(83322001)(19580395003)(74876001)(97336001)(97186001)(94946001)(92566001)(83072002)(76576001)(81816001)(81686001)(76796001)(76786001)(93516002)(15975445006)(80976001)(86362001)(85306002)(85852003)(93136001)(50986001)(33646001)(19580405001)(59766001)(47736001)(47976001)(51856001)(4396001)(90146001)(56816005)(87266001)(2656002)(87936001)(46102001)(15202345003)(80022001)(66066001)(65816001)(54356001)(56776001)(20776003)(77982001)(94316002)(63696002)(49866001)(76482001)(53806001)(54316002)(79102001)(35302001)(69226001)(31966008)(74662001)(74482001)(74502001)(47446002)(81542001)(81342001)(24736002);
 DIR:OUT; SFP:1102; SCL:1; SRVR:DBXPR06MB320;
 H:DBXPR06MB318.eurprd06.prod.outlook.com;
 FPR:A583659A.941487A9.60E83048.52EAD908.2025B; MLV:sfv; PTR:InfoNoRecords;
 MX:1; A:1; LANG:en; 
received-spf: None (: rit.lt does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: rit.lt
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Mar 2014 10:41:52 -0000

Dear FreeBSD users, my first experience with FreeBSD was 14 years ago, but =
due to hardware problems I chose Linux. After working with Linux for 14 yea=
rs, I decided to give a shot to FreeBSD again. After setting up FreeBSD ser=
ver with jails, I became a victim of DDoS which was launched from my dedica=
ted server, investigation led to NTP server, this misconfiguration left wit=
h default settings shocked me, please fix this configuration bug.=0A=
=0A=
Firewall is for filtering traffic, but not for hiding buggy configs.=0A=
=0A=
Regards,=0A=
Mindaugas Bubelis=0A=
________________________________________=0A=
From: owner-freebsd-security@freebsd.org <owner-freebsd-security@freebsd.or=
g> on behalf of Brett Glass <brett@lariat.org>=0A=
Sent: Friday, March 21, 2014 6:44 AM=0A=
To: Micheas Herman; freebsd-security@freebsd.org=0A=
Subject: Re: NTP security hole CVE-2013-5211?=0A=
=0A=
At 10:38 PM 3/20/2014, Micheas Herman wrote:=0A=
=0A=
>While true, that does mean that amplification attacks are limited to being=
=0A=
>able to attack those ten machines.=0A=
=0A=
The amplifier/relay is also a victim, and can be completely disabled by the=
 attack=0A=
if its link to the Net becomes saturated.=0A=
=0A=
--Brett Glass=0A=
=0A=
_______________________________________________=0A=
freebsd-security@freebsd.org mailing list=0A=
http://lists.freebsd.org/mailman/listinfo/freebsd-security=0A=
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"=
=0A=