From owner-freebsd-current@FreeBSD.ORG  Wed Nov 27 16:06:20 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D28A7375
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 16:06:20 +0000 (UTC)
Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com
 [IPv6:2a00:1450:4010:c03::22a])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6227F28A4
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 16:06:20 +0000 (UTC)
Received: by mail-la0-f42.google.com with SMTP id ec20so5452222lab.1
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 08:06:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=googlemail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=24zKNc/THLK7n8+9lVsxivIfNrtdZVZT7j4zt5plEnA=;
 b=CldyDR8gqFg0H8WTvaRNFgm5KUlcaeW1Z9IAj5CN+csecOr7SQ/maQc9ViLY2DTj6b
 O3cXXNj5+SU/r/ge9/8ihwXCBryeh8CIbXVqULY6LxlJrqa55e1K3N0nvP9JR1g+2dRd
 xOcQfAtTf5fre99ilo6/mARKE7QyyP2WWgrn1HxclUlMMDKPbhc0Ba2Z1p9DhfkddrFy
 VnpC0kLMpcSLpnqvKgU266GjnM6UKdGokCjyeWv6GwoeZIzchaLSSKT+U5N7YethKPbw
 mzAtAcz3fAZ+RHEd4J5UlEu8sINxT+QVHm1oTnQ7FB73GxbicvqX5QZnhzcGdKD1tIyF
 fbtA==
MIME-Version: 1.0
X-Received: by 10.152.44.225 with SMTP id h1mr13759347lam.22.1385568378369;
 Wed, 27 Nov 2013 08:06:18 -0800 (PST)
Received: by 10.112.133.69 with HTTP; Wed, 27 Nov 2013 08:06:18 -0800 (PST)
In-Reply-To: <CAO82ECHMS-JUWC4TGwZpfU0opKE-2rOgW8RLOiR23RzVKgFJ3w@mail.gmail.com>
References: <CAO82ECHMS-JUWC4TGwZpfU0opKE-2rOgW8RLOiR23RzVKgFJ3w@mail.gmail.com>
Date: Wed, 27 Nov 2013 16:06:18 +0000
Message-ID: <CAFHbX1+4+ydUf=4VTrkP5TyQHxDc31F8Uh48mVzyyfoDpsMLYA@mail.gmail.com>
Subject: Re: [request] ntp upgrade
From: Tom Evans <tevans.uk@googlemail.com>
To: Cristiano Deana <cristiano.deana@gmail.com>
Content-Type: text/plain; charset=UTF-8
Cc: freebsd-current <freebsd-current@freebsd.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2013 16:06:20 -0000

On Wed, Nov 27, 2013 at 3:29 PM, Cristiano Deana
<cristiano.deana@gmail.com> wrote:
> Hi,
>
> is it possible to include in base system of the upcoming 10.0 the new
> version of ntp (4.2.7 instead of 4.2.4)?
>
> There is a bug in older versions (< 4.2.7) who allows attacker use an ntp
> server to DDoS. This has been corrected in new version:
> https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
>
> This attack seems to be increasing in the last few weeks.
>
> net/ntp-devel is Ok.
>
> Thank you, sorry for my basic english.
>

ntp 4.2.4p8 isn't vulnerable.

http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html

The reflection attack is the first in the list, 4.2.4p7 and below are affected.

Cheers

Tom