Generally that kind of attack would not work in a typical network with
a good stateful packet inspection firewall because the firewall would
just drop the traffic before it got to the web server. But with more
things running in cloud-hosted environments now it's more of a concern.
Basically your best bet to defend from this kind of thing is IPTables.

On Wed, Jan 29, 2014 at 5:51 AM, John Rowe wrote:
> On Wed, 2014-01-29 at 20:58 +1100, Steven Haigh wrote:
>> On 29/01/14 20:52, John Rowe wrote:
>> > I've been warned that my SL 5.9 machine is potentially vulnerable to the
>> > recently announced DOS attack. As far as I can see both my 5.9 and 6x
>> > machines are running vulnerable versions, am I missing something or are
>> > we vulnerable?
>>
>> Any more details chief? I can give you an answer of pure guesswork - but
>> I certainly can't find anything new here....
>>
>
> It basically lets somebody send a nasty packet to your NTP server which
> then spews stuff to other people's machines as a DOS attack.
>
> Here's an example:
>
> http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/
>
> According to the following Red Hat page, the default config disables
> queries (i.e. makes it run as a client-only) which therefore avoids the
> problem. https://bugzilla.redhat.com/show_bug.cgi?id=1047854
>
> I've set this on my machine as a workaround.
>
> John
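
The workaround discussed in this thread can be checked with a short script. This is an added example and not part of the original messages: it scans `ntp.conf` text and reports any `restrict default` line that still lets remote hosts query the daemon. It assumes the "disables queries" default mentioned above corresponds to ntpd's `noquery` (or `ignore`) restrict flag; the function name and both sample configs are constructed for illustration.

```python
# Added example: audit ntp.conf text for default restrict lines that still allow queries.
# Assumption: "queries disabled" means the default restrict entry carries noquery or ignore.
BLOCKING_FLAGS = {"noquery", "ignore"}  # either flag stops ntpd answering ntpq/ntpdc queries

# Constructed sample configs, not taken from any real host.
HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
OPEN = """\
# queries still allowed over IPv4
restrict default nomodify notrap
restrict -6 default ignore
server time.example.org
"""


def audit_ntp_conf(text):
    """Return a list of findings; an empty list means every default entry blocks queries."""
    findings = []
    saw_default = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop trailing comments, then tokenize
        if not words or words[0] != "restrict":
            continue
        args = words[1:]
        family = ""
        if args and args[0] in ("-4", "-6"):  # optional address-family selector
            family, args = args[0] + " ", args[1:]
        if not args or args[0] != "default":
            continue  # host- or subnet-specific entries are out of scope here
        saw_default = True
        if not BLOCKING_FLAGS & set(args[1:]):
            findings.append(f"line {lineno}: 'restrict {family}default' lacks noquery/ignore")
    if not saw_default:
        # With no default restriction at all, ntpd applies none to unknown hosts.
        findings.append("no 'restrict default' line: queries are accepted from any address")
    return findings


if __name__ == "__main__":
    for name, conf in (("HARDENED", HARDENED), ("OPEN", OPEN)):
        print(name, audit_ntp_conf(conf) or "ok")
```
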