On Wed, Nov 27, 2013 at 4:10 PM, Cristiano Deana <cristiano.deana_at_gmail.com> wrote: > On Wed, Nov 27, 2013 at 5:06 PM, Tom Evans <tevans.uk_at_googlemail.com> wrote: > >> >> > There is a bug in older versions (< 4.2.7) who allows attacker use an >> > ntp >> > server to DDoS. This has been corrected in new version: >> > https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks >> > >> > This attack seems to be increasing in the last few weeks. >> > >> > net/ntp-devel is Ok. >> >> >> ntp 4.2.4p8 isn't vulnerable. >> >> http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html >> >> The reflection attack is the first in the list, 4.2.4p7 and below are >> affected. > > > > Thank you, Tom for your quick reply. > > That is not the same bug. I had two ntpd with 4.2.4p8 used the last days to > DDoS. I found the link below, used net/ntp-devel and the abuse was gone. > Does it have a CVE? The article is low on content :( Cheers TomReceived on Wed Nov 27 2013 - 16:21:08 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:44 UTC