Date: Sat, 15 Mar 2014 03:30:41 -0600 From: Brett Glass <brett@lariat.org> To: d@delphij.net, d@delphij.net, Fabian Wenk <fabian@wenks.ch>, freebsd-security@freebsd.org Cc: Ollivier Robert <roberto@freebsd.org>, hackers@lists.ntp.org Subject: Re: NTP security hole CVE-2013-5211? Message-ID: <201403150931.DAA29130@mail.lariat.net> In-Reply-To: <5323E670.5020905@delphij.net> References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <81785015-5083-451C-AC0B-4333CE766618@FreeBSD.org> <52CF82C0.9040708@delphij.net> <CAO82ECEsS-rKq7A-9w7VuxKpe_c_f=tvZQoRKgHEfi-yPdNeGQ@mail.gmail.com> <86d2jud85v.fsf@nine.des.no> <52D7A944.70604@wenks.ch> <201403141700.LAA21140@mail.lariat.net> <5323AF47.9080107@delphij.net> <201403150343.VAA27172@mail.lariat.net> <5323E670.5020905@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:34 PM 3/14/2014, Xin Li wrote: >I can't reproduce with fresh install. How did you tested it (or what >is missing in the default ntp.conf), can you elaborate? I have tested it under actual attack. Without the lines I mentioned in /etc/ntp.conf, the server will respond to monitor queries with rejection packets of the same size as the attack packets. If the source addresses of the attack packets are spoofed, the attack is relayed. --Brett Glass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403150931.DAA29130>