At 07:39 PM 3/14/2014, Xin Li wrote:
>FreeBSD 10.0-RELEASE ships with new default NTP settings. Are you
>talking about an earlier RC (before RC4, as r259975), or are you saying
>10.0-RELEASE ships with an ntp.conf with wrong defaults?
The latter. The ntp.conf shipped with 10.0-RELEASE still allows relaying of attacks, even with an ntpd that is patched to prevent amplification.

>We sure can do this as a new advisory, but it's not guaranteed to work
>because the end user may have to do a manual merge and may choose not to
>accept these.

True. Perhaps, if freebsd-update finds that ntp.conf is not the default that was shipped with the release, a warning should be given that a manual merge is needed.

>Note that, like I stated before, for attackers it would be efficient to
>just deliver the packets themselves,

Attackers have an interest in obfuscating the sources of attacks, since this makes them more difficult to block. We have several patched servers which malicious parties are attempting to use as relays even though they cannot use them to amplify the volume of data sent. Once we altered ntp.conf, we were able to put a stop to this.

--Brett Glass

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
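Both the question of whether the shipped ntp.conf has the right defaults and the point that a locally edited ntp.conf may never receive a merged fix come down to what the "restrict default" lines in the installed file actually carry. The script below is an added example, not code from this thread or from FreeBSD: it reads an ntp.conf and reports which access-control flags are missing from each "restrict default" line. WANTED_FLAGS is my assumption of what a hardened default line should contain, not a quote of the 10.0-RELEASE file; the function names and the three sample configs are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD): audit the
# "restrict default" lines of an ntp.conf for missing access-control flags.
# WANTED_FLAGS is an assumption about a hardened default, not a quote of
# the 10.0-RELEASE ntp.conf.

WANTED_FLAGS="kod limited nomodify nopeer noquery notrap"

# Print the flags from WANTED_FLAGS that do not appear on the given line.
# $1: a whitespace-normalized line, e.g. "restrict -6 default kod nomodify"
missing_flags() {
    _missing=""
    for _flag in $WANTED_FLAGS; do
        case " $1 " in
            *" $_flag "*) ;;                               # flag present
            *) _missing="$_missing${_missing:+ }$_flag" ;; # flag absent
        esac
    done
    printf '%s\n' "$_missing"
}

# Read an ntp.conf on stdin. For every "restrict [-4|-6] default" line print
# "<prefix>: ok" or "<prefix>: missing <flags>". Return 1 if any flag is
# missing or if no "restrict default" line exists at all, otherwise 0.
audit_ntp_conf() {
    # Drop comments, squeeze whitespace and trim so the case patterns stay simple.
    sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' |
    (
        _rc=0
        _seen=0
        while IFS= read -r _line; do
            case "$_line" in
                "restrict default"*)    _which="restrict default" ;;
                "restrict -4 default"*) _which="restrict -4 default" ;;
                "restrict -6 default"*) _which="restrict -6 default" ;;
                *) continue ;;
            esac
            _seen=1
            _m=$(missing_flags "$_line")
            if [ -z "$_m" ]; then
                printf '%s: ok\n' "$_which"
            else
                printf '%s: missing %s\n' "$_which" "$_m"
                _rc=1
            fi
        done
        if [ "$_seen" -eq 0 ]; then
            echo "no 'restrict default' line: every client gets full access"
            _rc=1
        fi
        exit "$_rc"   # exits only this subshell; becomes the function's status
    )
}

# Constructed sample configs for this example (not real FreeBSD files).
STOCK_UNRESTRICTED='# no restrict lines at all
server 0.freebsd.pool.ntp.org iburst
driftfile /var/db/ntpd.drift'

PARTIAL='restrict    default nomodify notrap
restrict -6 default nomodify notrap
restrict    127.0.0.1'

HARDENED='restrict    default kod limited nomodify nopeer noquery notrap
restrict -6 default kod limited nomodify nopeer noquery notrap
restrict    127.0.0.1
restrict -6 ::1'

# Stand-alone run: audit the three samples, then the live file if present.
for _name in STOCK_UNRESTRICTED PARTIAL HARDENED; do
    eval "_conf=\$$_name"
    echo "== $_name"
    printf '%s\n' "$_conf" | audit_ntp_conf || echo "   (needs attention)"
done
if [ -r /etc/ntp.conf ]; then
    echo "== /etc/ntp.conf"
    audit_ntp_conf </etc/ntp.conf || echo "   (needs attention)"
fi
```

A caveat on what the flags buy you, from the ntpd restrict documentation: noquery denies ntpq/ntpdc (mode 6 and 7) queries, which removes the monlist amplification, but time service itself is unaffected, so a server with only noquery still answers spoofed client requests and can be used as a reflector; limited (and kod, which only takes effect together with limited) rate-limits those responses, and ignore drops every packet from the matched addresses. The script therefore flags a config that lacks limited even when noquery is present.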