brycec: same as with anything; if i get complaints, then you're done
so probably you'd survive 10 minutes as an exit
maybe less
middleman probably acceptable
I want to file a complaint
“If you have a complaint, I suggest you submit it through our email system. I'd be happy to refer you to our website.”
Well
I'm complaining about every arp subscriber other than me
because I want the servers to myself
so
take that.
just pay up and it is all yours :P
what? pay?
i thought this was America
'murica
today i've learned that freebsd's default ntpd config allows monlist queries to everyone, which enables malicious entities to abuse the ntp server to perfom amplification ddos attacks. so if your server responds to "ntpdc -c monl <server>" you should fix your config asap or you might become part of (and be responsible for) a ddos attack (this is comparable to running an open dns resolver)
FreeBSD is the Linux of the BSDs.
at least it's not just linux :)
...
m0unds_: S
it's the most unix-like of the linuxes
omgz must run teh opanbsdz for mad skurity
it's.  Not.  Needed.  Evar.
just say what you're going to say when you're ready.
i was saying S
obviously
http://svnweb.freebsd.org/base/head/etc/ntp.conf?revision=259973&view=markup&pathrev=259973
trying to study what monl does
it makes the ntp server send you its last 600 clients/peers
ahh - so you can have that point at another server via source spoofing?
little request => big response => ddos
jep. as it's udp and you can put any source address in the request (if you're with a lame ass provider which doesn't implement bcp 38)
so just add "disable monitor" to my ntp.conf?
as far as i understand it, it's "restrict noquery" which does the trick
but i think best would be to use this config: http://svnweb.freebsd.org/base/head/etc/ntp.conf?revision=259973&view=co&pathrev=259973
ok
(which should be the new default as of 45 hours ago)
why doesn't freebsd use openntpd?
hey all :)
hi
staticsafe what's happenin?