On Mon, Jan 13, 2014 at 8:41 PM, Xin Li delp...@delphij.net wrote:
Hi Xin,
Do you have packet captures? If the configuration I have suggested
didn't stop the attack, you may have a different issue than what we have
found.
Please, take a look here
Le Thu, 09 Jan 2014 21:18:56 -0800,
Xin Li delp...@delphij.net a écrit :
On 1/9/14, 6:12 AM, Palle Girgensohn wrote:
9 jan 2014 kl. 15:08 skrev Eugene Grosbein eu...@grosbein.net:
On 09.01.2014 19:38, Palle Girgensohn wrote:
They recommend at least 4.2.7. Any thoughts about this?
Cristiano Deana cristiano.de...@gmail.com writes:
I tried several workaround with config and policy, and ended up you MUST
have 4.2.7 to stop these kind of attacks.
Doesn't restrict noquery block monlist in 4.2.6?
DES
--
Dag-Erling Smørgrav - d...@des.no
Garrett Wollman woll...@bimajority.org writes:
For a pure client, I would suggest restrict default ignore ought
to be the norm. (Followed by entries to unrestrict localhost over v4
and v6.)
Pure clients shouldn't use ntpd(8). They should use sntp(8) or a
lightweight NTP client like ttsntpd.
On Tue, Jan 14, 2014 at 2:06 PM, Dag-Erling Smørgrav d...@des.no wrote:
Hi,
I tried several workaround with config and policy, and ended up you MUST
have 4.2.7 to stop these kind of attacks.
Doesn't restrict noquery block monlist in 4.2.6?
I didn't try.
Following this document:
On 14.01.2014, at 14:06, Dag-Erling Smørgrav d...@des.no wrote:
Cristiano Deana cristiano.de...@gmail.com writes:
I tried several workaround with config and policy, and ended up you MUST
have 4.2.7 to stop these kind of attacks.
Doesn't restrict noquery block monlist in 4.2.6?
I think it
Eugene Grosbein eu...@grosbein.net writes:
That's first time I see a reference to sntp(8) for FreeBSD [...] Is
it documented somewhere?
It's part of ISC NTP and is included in FreeBSD 10 as well as in the
net/ntp{,-devel,-rc} ports.
DES
--
Dag-Erling Smørgrav - d...@des.no
Ferdinand Goldmann ferdinand.goldm...@jku.at writes:
Dag-Erling Smørgrav d...@des.no writes:
Doesn't restrict noquery block monlist in 4.2.6?
I think it should be possible to block it using:
disable monitor
seems to work for me.
That disables monlist across the board, whereas the restrict
According to Cristiano Deana on Tue, Jan 14, 2014 at 09:17:51AM +0100:
I think it's better to upgrade the version in base AND to write a security
advisory.
I wish we could, but 4.2.7 is a moving target right now.
I think I will stop trying to upgrade to 4.2.6p5 (the one I imported a few
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:01.bsnmpd Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:04.bind Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:02.ntpd Security Advisory
The FreeBSD Project
Topic:
Hi -security,
I work at EMC Isilon and one of our developers has found a race in opencyrpto
and provided the attached patch to address it.
The situation as explained to me is that the crypto request queue and dequeue
operate under CRYPTO_Q_LOCK, along with crypto_invoke and thus crypto
Topic: bsnmpd remote denial of service vulnerability
...
III. Impact
This issue could be exploited to execute arbitrary code in the context of
the service daemon, or crash the service daemon, causing a denial-of-service.
The title/topic of this advisory should be changed reflect
14 matches
Mail list logo
