oss-security - CVE to the ntp monlist DDoS issue?

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20131230124640.GB53544@dojo.mi.org>
Date: Mon, 30 Dec 2013 07:46:40 -0500
From: "Mike O'Connor" <mjo@...o.mi.org>
To: oss-security@...ts.openwall.com
Subject: CVE to the ntp monlist DDoS issue?

There's a recent rash of DDoS involving the monlist functionality
in older ntp.org ntp.  Has anyone thought about assigning a CVE to
this?  It looks like the issue may have been addressed back in 2010, 
but only in the context of ntp.org's "dev" tree, not "stable".  

http://bugs.ntp.org/show_bug.cgi?id=1532
https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks

-- 
 Michael J. O'Connor                                          mjo@...o.mi.org
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"To collect sulphur, hold a deacon over a flame..."        -Anguished English

Content of type "application/pgp-signature" skipped

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.