SCIENTIFIC-LINUX-USERS Archives

January 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: John Rowe <[log in to unmask]>
Reply To: John Rowe <[log in to unmask]>
Date: Wed, 29 Jan 2014 10:51:19 +0000
On Wed, 2014-01-29 at 20:58 +1100, Steven Haigh wrote:
> On 29/01/14 20:52, John Rowe wrote:
> > I've been warned that my SL 5.9 machine is potentially vulnerable to the
> > recently announced DOS attack. As far as I can see both my 5.9 and 6x
> > machines are running vulnerable versions, am I missing something or are
> > we vulnerable?
> 
> Any more details chief? I can give you an answer of pure guesswork - but
> I certainly can't find anything new here....
> 

It basically lets somebody send a nasty packet to your NTP server which
then spews stuff to other people's machines as a DOS attack.

Here's an example:

http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/

According to the following Red Hat page, the default config disables
queries (i.e. makes it run as a client-only) which therefore avoids the
problem. https://bugzilla.redhat.com/show_bug.cgi?id=1047854

I've set this on my machine as a workaround.

John
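
One way to check the workaround described above, as an added example that is not part of the original post: the script reports `restrict default` lines in an ntp.conf that lack `noquery` (or `ignore`), which is how the stock ntpd syntax turns off queries. The function name, temporary file names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report "restrict default"
# lines in an ntp.conf that still answer ntpq/ntpdc queries.
# Returns 0 when every default restriction blocks queries, 1 otherwise.
check_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                 # drop comments
        $1 != "restrict" { next }
        {
            i = 2                          # address field, after optional -4/-6
            if ($2 == "-4" || $2 == "-6") i = 3
            if ($i != "default") next      # per-host/subnet rules are out of scope
            seen = 1
            ok = 0
            for (j = i + 1; j <= NF; j++)
                if ($j == "noquery" || $j == "ignore") ok = 1
            if (!ok) { printf "OPEN line %d: %s\n", NR, $0; bad = 1 }
        }
        END {
            # With no default rule at all, ntpd applies no restrictions.
            if (!seen) { print "OPEN: no restrict default line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs (assumptions, not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' 'restrict default kod nomodify notrap nopeer noquery' \
              'restrict -6 default kod nomodify notrap nopeer noquery' \
              'restrict 127.0.0.1' > "$tmp/client_only.conf"
printf '%s\n' '# queries still allowed' \
              'restrict default kod nomodify notrap nopeer' \
              'server 0.pool.example iburst' > "$tmp/open.conf"

for f in "$tmp/client_only.conf" "$tmp/open.conf"; do
    if check_ntp_conf "$f"; then echo "$f: queries disabled by default"
    else echo "$f: review restrict lines"; fi
done
```

On a real host the function would be pointed at the live configuration file, and ntpd restarted after any change.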
