Date: Fri, 14 Mar 2014 21:43:37 -0600
From: Brett Glass <brett@lariat.org>
To: d@delphij.net, Fabian Wenk <fabian@wenks.ch>, freebsd-security@freebsd.org
Cc: Ollivier Robert <roberto@freebsd.org>, hackers@lists.ntp.org
Subject: Re: NTP security hole CVE-2013-5211?
Message-ID: <201403150343.VAA27172@mail.lariat.net>
In-Reply-To: <5323AF47.9080107@delphij.net>
References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <86d2jud85v.fsf@nine.des.no> <52D7A944.70604@wenks.ch> <201403141700.LAA21140@mail.lariat.net> <5323AF47.9080107@delphij.net>

At 07:39 PM 3/14/2014, Xin Li wrote:

>FreeBSD 10.0-RELEASE ships with new default NTP settings, are you
>talking about an earlier RC (before RC4 as r259975), or are you saying
>10.0-RELEASE ships with a ntp.conf with wrong defaults?

The latter. The ntp.conf shipped with 10.0-RELEASE still allows relaying of attacks, even with an ntpd that is patched to prevent amplification.

>We sure can do this as a new advisory but it's not guaranteed to work
>because end user may have to do manual merge and may choose not to
>accept these.

True. Perhaps, if freebsd-update finds that ntp.conf is not the default that was shipped with the release, a warning should be given that a manual merge is needed.

>Note that like I stated before, for attackers it would be efficient to
>just deliver the packets themselves,

Attackers have an interest in obfuscating the sources of attacks, since this makes them more difficult to block. We have several patched servers which malicious parties are attempting to use as relays even though they cannot use them to amplify the volume of data sent. Once we altered ntp.conf, we were able to put a stop to this.

--Brett Glass