[ntp:questions] NTP internal server?
Richard B. Gilbert
rgilbert88 at comcast.net
Fri Oct 27 16:50:48 UTC 2006
Maarten Wiltink wrote:
> "Richard B. Gilbert" <rgilbert88 at comcast.net> wrote in message
> news:9dqdndo838CLatzYnZ2dnUVZ_uqdnZ2d at comcast.com...
>>As far as anyone here knows there are no "exploits" associated with NTP.
> After a short look-around on SecurityFocus, I would like to exclude
> myself from that 'anyone' group.
> Maarten Wiltink
All right, there are, or were, fifteen reported exploits. None is dated
more recently than 2004 and some seem to be complaining about ten year
old software distributed by companies such as Sun, Redhat, Debian, etc.
Other reports concerned Microsoft's attempts to implement the protocol.
None of these exploits has been mentioned here in the 2-1/2 to 3 years
that I've been reading this newsgroup.
Does anyone know of exploits available in the reference implementations
released since 1-JAN-2004?
I'd say that the proper response is not to forbid the use of the NTP
protocol but rather to avoid running defective implementations thereof!
More information about the questions