On Wed, 2014-01-29 at 20:58 +1100, Steven Haigh wrote:
> On 29/01/14 20:52, John Rowe wrote:
> > I've been warned that my SL 5.9 machine is potentially vulnerable to the
> > recently announced DOS attack. As far as I can see both my 5.9 and 6x
> > machines are running vulnerable versions, am I missing something or are
> > we vulnerable?
>
> Any more details chief? I can give you an answer of pure guesswork - but
> I certainly can't find anything new here....
>
It basically lets somebody send a nasty packet to your NTP server which
then spews stuff to other people's machines as a DOS attack.
Here's an example:
http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/
According to the following RedHat page, the default config disables
queries (i.e. makes it run as a client-only) which therefore avoids the
problem. https://bugzilla.redhat.com/show_bug.cgi?id=1047854
I've set this on my machine as a work around.
John