On Wed, Nov 27, 2013 at 5:06 PM, Tom Evans <tevans...@googlemail.com> wrote:
> > There is a bug in older versions (< 4.2.7) who allows attacker use an ntp > > server to DDoS. This has been corrected in new version: > > https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks > > > > This attack seems to be increasing in the last few weeks. > > > > net/ntp-devel is Ok. > > > ntp 4.2.4p8 isn't vulnerable. > > http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html > > The reflection attack is the first in the list, 4.2.4p7 and below are > affected. Thank you, Tom for your quick reply. That is not the same bug. I had two ntpd with 4.2.4p8 used the last days to DDoS. I found the link below, used net/ntp-devel and the abuse was gone. -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/ _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
