[ntp:questions] What to do for clients less than 4.2.8?

David Woolley david at ex.djwhome.demon.invalid
Sun Dec 21 09:47:46 UTC 2014


On 20/12/14 22:01, Rob wrote:
> David Woolley <david at ex.djwhome.demon.invalid> wrote:
>> On 20/12/14 19:58, William Unruh wrote:
>>> Is it an ntp packet (ie a time exchange packet)? is it a control packet
>>> (eg ntpq type packet?) or what?
>>> Ie, unless you use crypto, these two look like they might be dangerous.
>>
>> Both routines only process NTP type 6 packets, i.e. nptq.
>
> But is that before or after those packets are filtered by "restrict"?
>
ctl_putdata is sending the response (my guess is the attack is monlist 
based), so it is definitely after the filter.  configure is a fairly 
complex command processing option, so, although I didn't check the code 
in detail, I would be most surprised if it wasn't after the filter.



More information about the questions mailing list