[ntp:security] monlist reflective DDoS

Christian Rossow christian.rossow at gmail.com
Tue Aug 13 04:57:04 UTC 2013


>> I can scan the IPv4 space next week and include a version request so
>> that we get a clear picture of the server version. What you think?
> Sounds helpful to me.
I started the scan yesterday and will come back to you when it's
finished (probably in about 2 days).

> We won't be telling anybody about your work until after the CERT
> announcement is public, and if you want to be anonymous for the CVE
> report we can do that too.
I just emailed the conference chair: it's no problem to file a CVE with
my name on it. He agrees that getting things fixed is more important
than my anonymity.

> Will you be attending that conference?
Yes, but only if my papers gets accepted. It's a highly competitive
conference, only ~15% of the submitted papers may present. I'll be
notified about acceptance in early November.

Christian


More information about the security mailing list