SCIENTIFIC-LINUX-USERS Archives

January 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Mailing list for Scientific Linux users worldwide <[log in to unmask]>
Date:
Wed, 29 Jan 2014 10:51:19 +0000
Reply-To:
John Rowe <[log in to unmask]>
Content-Transfer-Encoding:
7bit
Subject:
Re: NTP DOS issue?
From:
John Rowe <[log in to unmask]>
MIME-Version:
1.0
In-Reply-To:
<[log in to unmask]>
Content-Type:
text/plain; charset="UTF-8"
Comments:
To: Steven Haigh <[log in to unmask]> cc: [log in to unmask]
Parts/Attachments:
text/plain (26 lines) 
On Wed, 2014-01-29 at 20:58 +1100, Steven Haigh wrote:
> On 29/01/14 20:52, John Rowe wrote:
> > I've been warned that my SL 5.9 machine is potentially vulnerable to the
> > recently announced DOS attack. As far as I can see both my 5.9 and 6x
> > machines are running vulnerable versions, am I missing something or are
> > we vulnerable?
> 
> Any more details chief? I can give you an answer of pure guesswork - but
> I certainly can't find anything new here....
> 

It basically lets somebody send a nasty packet to your NTP server which
then spews stuff to other people's machines as a DOS attack.

Here's an example:

http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/

According to the following RedHat page, the default config disables
queries (i.e. makes it run as a client-only) which therefore avoids the
problem. https://bugzilla.redhat.com/show_bug.cgi?id=1047854

I've set this on my machine as a work around.

John

ATOM RSS1 RSS2