[ntp:questions] Re: Taming the pinball machine

Dale R. Worley worley at theworld.com
Thu Nov 13 14:53:33 UTC 2003


"Maarten Wiltink" <maarten at kittensandcats.net> writes:
> An exploitable stack overflow _is_ a threat, and it's CERT's job to
> be paranoid, too, and get vulnerabilities fixed as quick as humanly
> possible. And humanely possible, which they may sometimes forget as
> it mixes badly with the paranoid part.

Sadly, an exploitable flaw in a program as widely distributed as NTP
really is a problem for the big, wide world.  It seems that about
three times a year, some MS exploit gets into the hands of a worm
writer, and zillions of man-hours are burned trying to get Internet
performance back to a reasonable level.  For instance, remember when
all the backbone operators had to filter out packets to a particular
UDP port because some MS exploit was using it?

If NTP weren't now a ubiquitous part of the infrastructure, it
wouldn't be such a problem.  But, globally, a few hundred thousand
man-hours could easily be lost from a successful NTP exploit.  So the
optimum is for CERT to pressure you to get it fixed ASAP.

Dale



More information about the questions mailing list