Board: FB_security
Subject: Re: NTP security hole CVE-2013-5211?
Posted from: NCTU CS FreeBSD Server (Tue Jan 14 17:17:51 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
On Mon, Jan 13, 2014 at 8:41 PM, Xin Li <[email protected]> wrote:
Hi Xin,
> Do you have packet captures? If the configuration I have suggested
> didn't stop the attack, you may have a different issue than what we have
> found.
>
Please, take a look here
https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
I tried all other mitigation, with limits and all. Only the update worked
for me.
No, I don't have any packet capture, and please don't ask for it... I
already DoSed some Chinese host in November with 300Mbit of UDP flood...
>> I think it's better to upgrade the version in base AND to write a security
>> advisory.
> I wish we could, but 4.2.7 is a moving target right now.
>
> Most Open Source projects do not provide support to their development
> branch or snapshots, and it would be a headache in support prospective,
> because once a FreeBSD release is released, we would support it for at
> least 12 months (some releases are supported for 24 months or even more).
>
I understand, thank you. In the other case we have *potentially* a new
system that can be used for DoS out of the box.
Thanks,
Cris
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/