Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Dec 2013 07:46:40 -0500
From: "Mike O'Connor" <mjo@...o.mi.org>
To: oss-security@...ts.openwall.com
Subject: CVE to the ntp monlist DDoS issue?

There's a recent rash of DDoS involving the monlist functionality
in older ntp.org ntp.  Has anyone thought about assigning a CVE to
this?  It looks like the issue may have been addressed back in 2010, 
but only in the context of ntp.org's "dev" tree, not "stable".  

http://bugs.ntp.org/show_bug.cgi?id=1532
https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks


-- 
 Michael J. O'Connor                                          mjo@...o.mi.org
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"To collect sulphur, hold a deacon over a flame..."        -Anguished English

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ