Re: NTP security hole CVE-2013-5211?

看板FB_security作者時間12年前 (2014/03/16 15:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串24/48 (看更多)
In message <5323C244.8050101@freebsd.org>, Julian Elischer writes: >the best solution is to add a firewall stateful rule so that the ONLY >port 123 udp packet that gets in is one that is a response to one you >sent out first. And to deny any packet which is too short: deny udp from any to any dst-port 123 iplen 0-75 -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 phk. 的文章
文章代碼(AID): #1J9LDots (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 24 之 48 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共48篇)
更多 phk. 的文章
文章代碼(AID): #1J9LDots (FB_security)