Date: Wed, 06 Jan 2010 19:18:20 -0500 From: Harlan Stenn <stenn@ntp.org> To: freebsd-security@freebsd.org Cc: stenn@ntp.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd Message-ID: <20100107001820.36C8128438@gwc.pfcs.com> In-Reply-To: FreeBSD Security Advisories's (security-advisories@freebsd.org) message dated Wed, 06 Jan 2010 22:55:36. <201001062255.o06MtanW089116@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Not quite... > II. Problem Description > > If ntpd receives a mode 7 (MODE_PRIVATE) request or error response it's a *malformed* mode 7 request, or an error response ... Normal mode 7 requests have been (and are) handled just fine and are not logged by default. > from a source address not listed in either a 'restrict ... noquery' > or a 'restrict ... ignore' section it will log the even and send s/even/event/ > a mode 7 error response. > IV. Workaround > > Proper filtering of mode 7 NTP packets by a firewall can limit the > number of systems used to attack your resources. If you can find a firewall that will do this, please lemme know. We haven't found any. Thanks... H
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100107001820.36C8128438>