oss-sec mailing list archives
CVE to the ntp monlist DDoS issue?
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Mon, 30 Dec 2013 07:46:40 -0500
There's a recent rash of DDoS involving the monlist functionality in older ntp.org ntp. Has anyone thought about assigning a CVE to this? It looks like the issue may have been addressed back in 2010, but only in the context of ntp.org's "dev" tree, not "stable". http://bugs.ntp.org/show_bug.cgi?id=1532 https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks -- Michael J. O'Connor mjo () dojo mi org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "To collect sulphur, hold a deacon over a flame..." -Anguished English
Attachment:
_bin
Description:
Current thread:
- CVE to the ntp monlist DDoS issue? Mike O'Connor (Dec 30)
- Re: CVE to the ntp monlist DDoS issue? cve-assign (Dec 30)
- Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff (Dec 30)
- Re: Re: CVE to the ntp monlist DDoS issue? Florian Weimer (Dec 30)
- Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff (Dec 30)
- Re: CVE to the ntp monlist DDoS issue? Xin Li (Dec 30)
- Re: CVE to the ntp monlist DDoS issue? cve-assign (Dec 30)