On Tue, Jan 14, 2014 at 2:06 PM, Dag-Erling Sm=F8rgrav <[email protected]> wrote: Hi, > I tried several workaround with config and policy, and ended up you MUST > > have 4.2.7 to stop these kind of attacks. > > Doesn't "restrict noquery" block monlist in 4.2.6? I didn't try. Following this document: https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks "Currently the best available solution is to update to NTP 4.2.7p26 for which the support of 'monlist' query has been removed in favor of new safe 'mrunlist' function which uses a nonce value ensuring that received IP address match the actual requester" I upgraded directly to net/ntp-devel, skipping net/ntp. That has been published in first days of DDoS discovering, maybe now it's more clear how the vuln works. -- = Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/ _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"