On 01/13/14 02:08, Cristiano Deana wrote: > On Fri, Jan 10, 2014 at 6:18 AM, Xin Li <delphij@delphij.net> wrote: > > Hi, > > We will have an advisory next week. If a NTP server is properly >> configured, it's likely that they are not affected >> > > I had this problem in november, and ask to -current to integrate the new > versione of ntpd in base (see my mail "[request] ntp upgrade" 11/27/13 > http://lists.freebsd.org/pipermail/freebsd-current/2013-November/046822.html > ). > I tried several workaround with config and policy, and ended up you MUST > have 4.2.7 to stop these kind of attacks. Do you have packet captures? If the configuration I have suggested didn't stop the attack, you may have a different issue than what we have found. > I think it's better to upgrade the version in base AND to write a security > advisory. I wish we could, but 4.2.7 is a moving target right now. Most Open Source projects does not provide support to their development branch or snapshots, and it would be a headache in support prospective, because once a FreeBSD release is released, we would support it for at least 12 months (some releases are supported for 24 months or even more). Cheers, -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"