From owner-freebsd-current@FreeBSD.ORG  Wed Nov 27 16:10:39 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 25FAA94F
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 16:10:39 +0000 (UTC)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com
 [IPv6:2a00:1450:400c:c05::233])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9D1F128FF
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 16:10:38 +0000 (UTC)
Received: by mail-wi0-f179.google.com with SMTP id ey16so2291879wid.0
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 08:10:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=6zuziLkGTHaLjAgavE7TpMn6fduT74zK7CQHgvGkf94=;
 b=CwexzBLwTJVqXfUkGiw61uOtIL0Hw/pAVLmz4L0N14WXm7tX6stgTBw0bR2TfHxX+h
 iJp5J7f6AMGh97ndm09CTRF2fTOt2NU6wG26dox97fX+IAYvlY+8tdfYdqqG1zwgf6zu
 re2s5W+97VcRfxqw/cXeHaFBW6YCJ1r8ZvDl7IH6Ry/FFqOA4CLh3epv1/0V/CCE+RWF
 T4vW1gqMHupnBByQhsDBN7TnU4a9PAnBPQQrXxIzTUeTAwTHscsyY25MfBVZgqNboC2D
 ak5UPFYg8vE0G/QoXxlMqkztuNJjYPCB+me6+r5+2waBqOZxvpSMMjCs7QKwlk930bws
 eecQ==
MIME-Version: 1.0
X-Received: by 10.180.221.38 with SMTP id qb6mr23115408wic.8.1385568637068;
 Wed, 27 Nov 2013 08:10:37 -0800 (PST)
Received: by 10.194.152.99 with HTTP; Wed, 27 Nov 2013 08:10:37 -0800 (PST)
In-Reply-To: <CAFHbX1+4+ydUf=4VTrkP5TyQHxDc31F8Uh48mVzyyfoDpsMLYA@mail.gmail.com>
References: <CAO82ECHMS-JUWC4TGwZpfU0opKE-2rOgW8RLOiR23RzVKgFJ3w@mail.gmail.com>
 <CAFHbX1+4+ydUf=4VTrkP5TyQHxDc31F8Uh48mVzyyfoDpsMLYA@mail.gmail.com>
Date: Wed, 27 Nov 2013 17:10:37 +0100
Message-ID: <CAO82ECH8YXswVMuxzcnjfE9-KRvD-aKh6sRVJ7odRpB02aCXrA@mail.gmail.com>
Subject: Re: [request] ntp upgrade
From: Cristiano Deana <cristiano.deana@gmail.com>
To: Tom Evans <tevans.uk@googlemail.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.16
Cc: freebsd-current <freebsd-current@freebsd.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2013 16:10:39 -0000

On Wed, Nov 27, 2013 at 5:06 PM, Tom Evans <tevans.uk@googlemail.com> wrote:


> > There is a bug in older versions (< 4.2.7) who allows attacker use an ntp
> > server to DDoS. This has been corrected in new version:
> > https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
> >
> > This attack seems to be increasing in the last few weeks.
> >
> > net/ntp-devel is Ok.
>
>
> ntp 4.2.4p8 isn't vulnerable.
>
> http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
>
> The reflection attack is the first in the list, 4.2.4p7 and below are
> affected.



Thank you, Tom for your quick reply.

That is not the same bug. I had two ntpd with 4.2.4p8 used the last days to
DDoS. I found the link below, used net/ntp-devel and the abuse was gone.

-- 
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/