On Mon, Jan 13, 2014 at 8:41 PM, Xin Li <delp...@delphij.net> wrote: Hi Xin,
Do you have packet captures? If the configuration I have suggested > didn't stop the attack, you may have a different issue than what we have > found. > Please, take a look here https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks I tried all other mitigation, with limits and all. Only the update worked for me. No, I don0t have any packet capture, and please don't ask for it... i already DoSsed some chinese host in november with 300Mbit of udp flood... > I think it's better to upgrade the version in base AND to write a security > advisory. I wish we could, but 4.2.7 is a moving target right now. > > Most Open Source projects does not provide support to their development > branch or snapshots, and it would be a headache in support prospective, > because once a FreeBSD release is released, we would support it for at > least 12 months (some releases are supported for 24 months or even more). > I understand, thank you. In the other case we have *potentially* a new system tha can be used for DoS out of the box. Thanks, Cris -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
