From owner-freebsd-current@FreeBSD.ORG  Wed Nov 27 17:21:08 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7707944C
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 17:21:08 +0000 (UTC)
Received: from mail-la0-x229.google.com (mail-la0-x229.google.com
 [IPv6:2a00:1450:4010:c03::229])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 070CC2C95
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 17:21:07 +0000 (UTC)
Received: by mail-la0-f41.google.com with SMTP id eo20so5548532lab.28
 for <freebsd-current@freebsd.org>; Wed, 27 Nov 2013 09:21:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=googlemail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=HrLqsS9T/sfNDBloP4WiS4FpGxRiLhjVsVj69g7dmEM=;
 b=qnLIF6P9D42IZ9rEJ+Vrl6pAVRPwYFR1MgaViFtDimENGfN02P/HPSzzZ7dfWNKxVX
 UFDAjHqG5L4R0Od1nCxh60klAJlBRRr500VwaKu9kb1SCTBz0p79KJ5Mhk+xq/vAFIQ6
 P5mdLnyA/5ql4opTkMeoYVUIj796ULQ/ewu+fyg48LikMxxdV8rbaKSW3ah61aKgzG2o
 RCFAL2HgYJspAvuDs0ZK+hWVEjatuBfnIrs3mmDqVgS9tScMNT9HLEcUMELhO2KHwJNB
 NBKBql2wCh0Aersq1A63KBqw4RdYDs7e9uarMn2d2Ou37mub5G3KJ4pA435xUgu2MNc/
 SsSQ==
MIME-Version: 1.0
X-Received: by 10.112.135.67 with SMTP id pq3mr18200lbb.65.1385572865825; Wed,
 27 Nov 2013 09:21:05 -0800 (PST)
Received: by 10.112.133.69 with HTTP; Wed, 27 Nov 2013 09:21:05 -0800 (PST)
In-Reply-To: <CAO82ECH8YXswVMuxzcnjfE9-KRvD-aKh6sRVJ7odRpB02aCXrA@mail.gmail.com>
References: <CAO82ECHMS-JUWC4TGwZpfU0opKE-2rOgW8RLOiR23RzVKgFJ3w@mail.gmail.com>
 <CAFHbX1+4+ydUf=4VTrkP5TyQHxDc31F8Uh48mVzyyfoDpsMLYA@mail.gmail.com>
 <CAO82ECH8YXswVMuxzcnjfE9-KRvD-aKh6sRVJ7odRpB02aCXrA@mail.gmail.com>
Date: Wed, 27 Nov 2013 17:21:05 +0000
Message-ID: <CAFHbX1KKMHgsRgFgmxvYBgJJvyhd+qwxDGg6yDUFsj3MwjBR8Q@mail.gmail.com>
Subject: Re: [request] ntp upgrade
From: Tom Evans <tevans.uk@googlemail.com>
To: Cristiano Deana <cristiano.deana@gmail.com>
Content-Type: text/plain; charset=UTF-8
Cc: freebsd-current <freebsd-current@freebsd.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2013 17:21:08 -0000

On Wed, Nov 27, 2013 at 4:10 PM, Cristiano Deana
<cristiano.deana@gmail.com> wrote:
> On Wed, Nov 27, 2013 at 5:06 PM, Tom Evans <tevans.uk@googlemail.com> wrote:
>
>>
>> > There is a bug in older versions (< 4.2.7) who allows attacker use an
>> > ntp
>> > server to DDoS. This has been corrected in new version:
>> > https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
>> >
>> > This attack seems to be increasing in the last few weeks.
>> >
>> > net/ntp-devel is Ok.
>>
>>
>> ntp 4.2.4p8 isn't vulnerable.
>>
>> http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
>>
>> The reflection attack is the first in the list, 4.2.4p7 and below are
>> affected.
>
>
>
> Thank you, Tom for your quick reply.
>
> That is not the same bug. I had two ntpd with 4.2.4p8 used the last days to
> DDoS. I found the link below, used net/ntp-devel and the abuse was gone.
>

Does it have a CVE? The article is low on content :(

Cheers

Tom