SCIENTIFIC-LINUX-USERS Archives

January 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: NTP DOS issue?
From:
Paul Robert Marino <[log in to unmask]>
Reply To:
Paul Robert Marino <[log in to unmask]>
Date:
Wed, 29 Jan 2014 14:52:59 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines) 
generally that kind of attack would not work in a typical network with
a good stateful packet inspection firewall because the firewall would
just drop the traffic before it got to the web server. but with more
things running in cloud hosted environments now its more of a concern.

basically your best bet to defend from this kind of thing is IPTables.


On Wed, Jan 29, 2014 at 5:51 AM, John Rowe <[log in to unmask]> wrote:
> On Wed, 2014-01-29 at 20:58 +1100, Steven Haigh wrote:
>> On 29/01/14 20:52, John Rowe wrote:
>> > I've been warned that my SL 5.9 machine is potentially vulnerable to the
>> > recently announced DOS attack. As far as I can see both my 5.9 and 6x
>> > machines are running vulnerable versions, am I missing something or are
>> > we vulnerable?
>>
>> Any more details chief? I can give you an answer of pure guesswork - but
>> I certainly can't find anything new here....
>>
>
> It basically lets somebody send a nasty packet to your NTP server which
> then spews stuff to other people's machines as a DOS attack.
>
> Here's an example:
>
> http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/
>
> According to the following RedHat page, the default config disables
> queries (i.e. makes it run as a client-only) which therefore avoids the
> problem. https://bugzilla.redhat.com/show_bug.cgi?id=1047854
>
> I've set this on my machine as a work around.
>
> John

ATOM RSS1 RSS2