[Discuss] Thanks for the advice

Stuart Conner genuineaudio at gmail.com
Tue Jan 14 09:58:39 EST 2014


Thanks for the recommendations on distros.

I guess I'll have to buy a cheap a4 or a6 just to flash my bios and sell it
after.
Stu

On Monday, January 13, 2014, wrote:

> Send Discuss mailing list submissions to
>         discuss at blu.org <javascript:;>
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.blu.org/mailman/listinfo/discuss
> or, via email, send a message with subject or body 'help' to
>         discuss-request at blu.org <javascript:;>
>
> You can reach the person managing the list at
>         discuss-owner at blu.org <javascript:;>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Discuss digest..."
>
>
> Today's Topics:
>
>    1. Re: NTP Gone Crazy? (David N. Blank-Edelman)
>    2. Re: NTP Gone Crazy? (Kent Borg)
>    3. Re: NTP Gone Crazy? (Richard Pieri)
>    4. Re: Hello. and AMD loan? (Nuno Sucena Almeida)
>    5. Re: Time Daemons (Nuno Sucena Almeida)
>    6. Re: NTP Gone Crazy? (Tom Metro)
>    7. Re: NTP Gone Crazy? (Kent Borg)
>    8. Re: NTP Gone Crazy? (john saylor)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 12 Jan 2014 16:29:03 -0500
> From: "David N. Blank-Edelman" <dnb at ccs.neu.edu <javascript:;>>
> To: "Kent Borg" <kentborg at borg.org <javascript:;>>
> Cc: "discuss at blu.org <javascript:;>" <discuss at blu.org <javascript:;>>
> Subject: Re: [Discuss] NTP Gone Crazy?
> Message-ID: <21C1CE58-EC71-4204-9C83-59CF9F340DB9 at ccs.neu.edu<javascript:;>
> >
> Content-Type: text/plain; format=flowed
>
> On 12 Jan 2014, at 16:26, Kent Borg wrote:
>
> > Okay, I did that and restarted ntp.  Last night it was watching ping
> > times to use as a tell-tale...and so far they are still looking good
> > as I write this.
>
> I should also say, if you don't want to mmap your hosts, you can aim
> this at your machines running ntpd and see if they respond:
>
> ntpdc -n -c monlist {host}
>
> and see if it responds.
>
>      -- dNb
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 12 Jan 2014 18:46:15 -0500
> From: Kent Borg <kentborg at borg.org <javascript:;>>
> To: "David N. Blank-Edelman" <dnb at ccs.neu.edu <javascript:;>>
> Cc: "discuss at blu.org <javascript:;>" <discuss at blu.org <javascript:;>>
> Subject: Re: [Discuss] NTP Gone Crazy?
> Message-ID: <52D32947.9080207 at borg.org <javascript:;>>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On 01/12/2014 04:29 PM, David N. Blank-Edelman wrote:
> > I should also say, if you don't want to mmap your hosts, you can aim
> > this at your machines running ntpd and see if they respond:
> >
> > ntpdc -n -c monlist {host}
> >
> > and see if it responds.
>
> "***Server reports data not found"
>
> -kb, the Kent who is presuming he is okay for the moment, at least in
> this regard.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 12 Jan 2014 19:11:13 -0500
> From: Richard Pieri <richard.pieri at gmail.com <javascript:;>>
> To: "discuss at blu.org <javascript:;>" <discuss at blu.org <javascript:;>>
> Subject: Re: [Discuss] NTP Gone Crazy?
> Message-ID: <52D32F21.4040605 at gmail.com <javascript:;>>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> A more general solution is to install rate limiting policies for NTP,
> SNMP and CHARGEN at the border router. This lets you keep and use useful
> services while preventing them from being used in amplification attacks.
>
> --
> Rich P.
>
>
> ------------------------------
>
> Message: 4
> Date: Sun, 12 Jan 2014 23:19:06 -0500
> From: Nuno Sucena Almeida <nuno at aeminium.org <javascript:;>>
> To: discuss at blu.org <javascript:;>
> Subject: Re: [Discuss] Hello. and AMD loan?
> Message-ID: <52D3693A.9030801 at aeminium.org <javascript:;>>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 01/12/2014 11:54 AM, Stuart Conner wrote:
> > I'm getting tired of "distribution
> > upgrades" breaking things.
>
> If you stick with debian stable / ubuntu LTS , it shouldn't break things
> when you upgrade. arch/gentoo on the other hand, with continuous
> updates, I don't recommend those if you want stability.
>
> regards,
> Nuno
>
> --
> http://aeminium.org/nuno/
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 12 Jan 2014 23:23:36 -0500
> From: Nuno Sucena Almeida <nuno at aeminium.org <javascript:;>>
> To: discuss at blu.org <javascript:;>
> Subject: Re: [Discuss] Time Daemons
> Message-ID: <52D36A48.6070407 at aeminium.org <javascript:;>>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 01/12/2014 01:18 PM, jbk wrote:
> > So I've noticed on my latest install of Fedora 20 that it uses 'chrony'
> > for time synchronization. Is there any need to use NTP?
>
> >From http://chrony.tuxfamily.org/introduction.html it seems its major
> feature is that it deals better with intermittent connections to
> upstream ntp servers.
>
> cheers,
> Nuno
>
> --
> http://aeminium.org/nuno/
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 13 Jan 2014 02:57:04 -0500
> From: Tom Metro <tmetro+blu at gmail.com <javascript:;>>
> To: Kent Borg <kentborg at borg.org <javascript:;>>
> Cc: L-blu <discuss at blu.org <javascript:;>>
> Subject: Re: [Discuss] NTP Gone Crazy?
> Message-ID: <52D39C50.1010706 at gmail.com <javascript:;>>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Kent Borg wrote:
> > David N. Blank-Edelman wrote:
> >> Perhaps this?
> >>
> http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks
> >
> > I'll bet that is it.  I'll keep NTP turned off for the moment until I
> > can run a newer version.
>
> This attack sounds like it requires an exposed NTP server[1]. Is yours
> behind a firewall?
>
> If not, why is it exposed? Are you a volunteer in
> http://www.pool.ntp.org/en/ ?
>
>  -Tom
>
> 1. Traversing a simple NAT firewall is not too hard, when you are
> talking about a stateless UDP protocol for services that send outbound
> packets quite regularly, and thus it keeps the NAT port mappings active,
> but still this is not trivial. Aside from mitigating this with the rate
> limiting Rich suggests, I'd expect a decent NAT implementation "out of
> the box" would thwart this by rejecting packets coming from IPs others
> that where the outbound packets were sent. Even if you spoofed those
> IPs, unless you aim to DDoS other NTP servers, that would seem to make
> this technique useless.
>
> --
> Tom Metro
> The Perl Shop, Newton, MA, USA
> "Predictable On-demand Perl Consulting."
> http://www.theperlshop.com/
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 13 Jan 2014 09:28:19 -0500
> From: Kent Borg <kentborg at borg.org <javascript:;>>
> To: Tom Metro <tmetro+blu at gmail.com <javascript:;>>
> Cc: L-blu <discuss at blu.org <javascript:;>>
> Subject: Re: [Discuss] NTP Gone Crazy?
> Message-ID: <52D3F803.7000301 at borg.org <javascript:;>>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On 01/13/2014 02:57 AM, Tom Metro wrote:
> > This attack sounds like it requires an exposed NTP server[1]. Is yours
> > behind a firewall?
>
> It is exposed to the internet.
>
> > If not, why is it exposed? Are you a volunteer in
> > http://www.pool.ntp.org/en/ ?
>
> Because I use it myself from elsewhere.  Why?  For the same reason I pay
> extra for a static IP address, I run my own e-mail server, etc.
>
> -kb, the Kent who doesn't like firewalls in general.
>
>
>
> ------------------------------
>
> Message: 8
> Date: Mon, 13 Jan 2014 11:18:39 -0500
> From: john saylor <js0000 at gmail.com <javascript:;>>
> To: discuss at blu.org <javascript:;>
> Subject: Re: [Discuss] NTP Gone Crazy?
> Message-ID: <52D411DF.70209 at gmail.com <javascript:;>>
> Content-Type: text/plain; charset=UTF-8
>
> On 1/12/14, 16:26 , Kent Borg wrote:
> > -kb, the Kent who feels bad to have been part of a DDoS attack.
>
> nothing to feel bad about. you became aware of a problem and even took
> action. that's a good thing!
>
> and you'll probably even do some kinda audit of other stuff on your
> systems as well [perhaps already have].
>
> --
> \js [http://or8.net/~johns/] : i am alive
>
>
> ------------------------------
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org <javascript:;>
> http://lists.blu.org/mailman/listinfo/discuss
>
>
> End of Discuss Digest, Vol 32, Issue 18
> ***************************************
>


-- 
Thanks,
Stu

617-462-0552
genuineaudio at gmail.com
blue23 at netzero.net
stuart.conner at state.ma.us

Stuart Conner
62 Rhodes Cir
Hingham, MA 02043



More information about the Discuss mailing list