[ntp:questions] NTP internal server?

Richard B. Gilbert rgilbert88 at comcast.net
Fri Oct 27 16:50:48 UTC 2006


Maarten Wiltink wrote:

> "Richard B. Gilbert" <rgilbert88 at comcast.net> wrote in message
> news:9dqdndo838CLatzYnZ2dnUVZ_uqdnZ2d at comcast.com...
> 
> 
>>As far as anyone here knows there are no "exploits" associated with NTP.
> 
> 
> After a short look-around on SecurityFocus, I would like to exclude
> myself from that 'anyone' group.
> 
> Groetjes,
> Maarten Wiltink
> 
> 

All right, there are, or were, fifteen reported exploits.  None is dated 
more recently than 2004 and some seem to be complaining about ten year 
old software distributed by companies such as Sun, Redhat, Debian, etc.

Other reports concerned Microsoft's attempts to implement the protocol.

None of these exploits has been mentioned here in the 2-1/2 to 3 years 
that I've been reading this newsgroup.

Does anyone know of exploits available in the reference implementations 
released since 1-JAN-2004?

I'd say that the proper response is not to forbid the use of the NTP 
protocol but rather to avoid running defective implementations thereof!




More information about the questions mailing list