
List:       oss-security
Subject:    Re: [oss-security] CVE to the ntp monlist DDoS issue?
From:       Xin Li <delphij () delphij ! net>
Date:       2013-12-31 6:37:01
Message-ID: 52C2660D.2030307 () delphij ! net

On 12/30/13, 4:46 AM, Mike O'Connor wrote:
> There's a recent rash of DDoS involving the monlist functionality 
> in older ntp.org ntp.  Has anyone thought about assigning a CVE to 
> this?  It looks like the issue may have been addressed back in
> 2010, but only in the context of ntp.org's "dev" tree, not
> "stable".
> 
> http://bugs.ntp.org/show_bug.cgi?id=1532 
> https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
> 
> http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks

Both as a mitigation to this attack and as a best practice, I think all
public-facing ntpd should be configured to have 'nomodify nopeer noquery
notrap' as default restrictions.  Something like:

===
restrict default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
===
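As an added example (not part of the original message), a small Python audit that parses the restrict lines of an ntp.conf and reports which of the four recommended flags are missing from the IPv4 and IPv6 default entries; the sample configurations inside it are constructed.

```python
# Added example (not from the original post): audit an ntp.conf for the
# default 'restrict' flags recommended above. Sample configs are constructed.
import shlex

REQUIRED = {"nomodify", "nopeer", "noquery", "notrap"}

def parse_restrict_lines(conf_text):
    """Map (target, family) -> set of flags for every restrict line."""
    entries = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = shlex.split(line) if line else []
        if len(fields) < 2 or fields[0] != "restrict":
            continue
        rest, family = fields[1:], 4
        if rest[0] in ("-4", "-6"):          # explicit address family flag
            family, rest = int(rest[0][1]), rest[1:]
        if not rest:
            continue
        target, flags, i = rest[0], set(), 1
        while i < len(rest):
            if rest[i] == "mask":            # 'mask a.b.c.d' consumes an argument
                i += 2
                continue
            flags.add(rest[i])
            i += 1
        key = (target, family)
        entries[key] = entries.get(key, set()) | flags
    return entries

def audit_default_restrictions(conf_text):
    """Return {family: missing flags}; empty dict means both defaults are hardened.
    'ignore' drops every packet, so it satisfies the check by itself."""
    problems = {}
    entries = parse_restrict_lines(conf_text)
    for family in (4, 6):
        present = entries.get(("default", family), set())
        if "ignore" in present:
            continue
        missing = sorted(REQUIRED - present)
        if missing:
            problems[family] = missing
    return problems

# constructed: no default restriction, so any host can issue monlist queries
WEAK_CONF = "server 0.pool.ntp.org\nrestrict 127.0.0.1\n"
# constructed, following the restrictions recommended in the post
HARDENED_CONF = ("restrict default nomodify nopeer noquery notrap\n"
                 "restrict -6 default nomodify nopeer noquery notrap\n"
                 "restrict 127.0.0.1\nrestrict -6 ::1\nrestrict 127.127.1.0\n")
```

Running `audit_default_restrictions` over a live ntp.conf gives an empty dict only when both the IPv4 and IPv6 defaults carry all four flags (or `ignore`).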

Cheers,
