[chrony-dev] [PATCH 0/4] Fix traffic amplification


Here are patches I've prepared to address the problem with traffic
amplification. Please let me know if you see any problems. I'd like
to make a security release this week if everything goes well.

The first patch reduces the maximum number of samples in the MANUAL_LIST
reply to 16 to make the padding added in the next patch smaller, the
second patch adds the padding to the protocol and bumps the protocol
version, and the third patch allows chronyc to communicate with older
servers. The fourth patch modifies chronyd to never respond to hosts
not allowed by cmdallow.

Miroslav Lichvar (4):
  Set maximum number of samples in manual list reply to 16
  Add padding to cmdmon requests to prevent amplification attack
  Support previous protocol version in chronyc
  Send cmdmon error replies only to allowed hosts

 candm.h     |  33 +++++++++++---
 client.c    |  31 ++++++++++---
 cmdmon.c    |  63 +++++++++++++-------------
 pktlength.c | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 pktlength.h |   2 +
 5 files changed, 229 insertions(+), 47 deletions(-)

-- 
1.8.4.2
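
Added example, not part of the original post and not chrony code: a C illustration of the rule the cover letter describes, where a request has to be padded to at least the length of the largest possible reply and hosts outside the allow list get no reply at all. The command names, header and payload sizes, and the choice to silently drop under-length requests are assumptions made for the illustration.

```c
/* Added illustration; not chrony source. Command names, header size and
 * payload sizes are constructed for the example. */
#include <stddef.h>
#include <stdio.h>

enum { CMD_TRACKING, CMD_MANUAL_LIST, CMD_COUNT };   /* hypothetical commands */

#define HDR_LEN 20             /* hypothetical common header length */
#define SAMPLE_LEN 16          /* hypothetical size of one manual-list sample */
#define MAX_MANUAL_SAMPLES 16  /* cap on samples, as in the first patch */

/* Unpadded request length; both sample commands carry no payload. */
static size_t request_len(int cmd) {
    (void)cmd;
    return HDR_LEN;
}

/* Largest reply the server could send for a command (constructed values). */
static size_t max_reply_len(int cmd) {
    switch (cmd) {
    case CMD_TRACKING:    return HDR_LEN + 76;
    case CMD_MANUAL_LIST: return HDR_LEN + 4 + MAX_MANUAL_SAMPLES * SAMPLE_LEN;
    default:              return HDR_LEN;   /* short error reply */
    }
}

/* Padding the client appends so the request is never shorter than the reply. */
static size_t padding_len(int cmd) {
    size_t req = request_len(cmd), rep = max_reply_len(cmd);
    return rep > req ? rep - req : 0;
}

/* Server-side decision: 1 = send a reply, 0 = drop silently. */
static int should_reply(int host_allowed, int cmd, size_t received_len) {
    if (!host_allowed)
        return 0;   /* not even an error reply goes to a host outside the allow list */
    /* Assumption: a request shorter than header + padding is dropped. */
    return received_len >= request_len(cmd) + padding_len(cmd);
}

int main(void) {
    for (int cmd = 0; cmd < CMD_COUNT; cmd++)
        printf("cmd %d: request %zu + padding %zu, max reply %zu\n", cmd,
               request_len(cmd), padding_len(cmd), max_reply_len(cmd));
    return 0;
}
```

With padding in place the reply can never be larger than the datagram that triggered it, so a spoofed source address gains nothing from reflecting traffic through the server.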

