[ntp:questions] Re: Taming the pinball machine
Dale R. Worley
worley at theworld.com
Thu Nov 13 14:53:33 UTC 2003
"Maarten Wiltink" <maarten at kittensandcats.net> writes:
> An exploitable stack overflow _is_ a threat, and it's CERT's job to
> be paranoid, too, and get vulnerabilities fixed as quick as humanly
> possible. And humanely possible, which they may sometimes forget as
> it mixes badly with the paranoid part.
Sadly, an exploitable flaw in a program as widely distributed as NTP
really is a problem for the big, wide world. It seems that about
three times a year, some MS exploit gets into the hands of a worm
writer, and zillions of man-hours are burned trying to get Internet
performance back to a reasonable level. For instance, remember when
all the backbone operators had to filter out packets to a particular
UDP port because some MS exploit was using it?
If NTP weren't now a ubiquitous part of the infrastructure, it
wouldn't be such a problem. But, globally, a few hundred thousand
man-hours could easily be lost from a successful NTP exploit. So the
optimum is for CERT to pressure you to get it fixed ASAP.
More information about the questions