[ntp:questions] NTP internal server?
Richard B. Gilbert
rgilbert88 at comcast.net
Mon Oct 30 14:23:52 UTC 2006
Maarten Wiltink wrote:
> "Harlan Stenn" <stenn at ntp.isc.org> wrote in message
> news:ywn9ac3eipyd.fsf at ntp1.isc.org...
>>>>>In article <4544ed4b$0$331$e4fe514c at news.xs4all.nl>, "Maarten Wiltink"
> <maarten at kittensandcats.net> writes:
>>>>All right, there are, or were, fifteen reported exploits. None is
>>>>dated more recently than 2004 and some seem to be complaining about
>>>>ten year old software distributed by companies such as Sun, Redhat,
>>Maarten> Still distributed right now, yes. For all those people who
>>Maarten> aren't allowed to run something not backed by RFCs, and then
>>Maarten> come here with questions about something called xntp. Sound
>>What's your point? I don't see how what you just said applies to the
> I object to Richard's statement that old vulnerabilities are irrelevant
> and no cause for concern. More than most other software, NTP is haunted
> by users of old versions.
Old vulnerabilities that have been fixed are not a problem of much
concern to me. I run a recent version of ntpd that does not exhibit
these vulnerabilities. If people chose, for whatever reason, to run a
ten year old version of ntpd they must accept the associated risks and
inferior performance. Since the modern, improved and fixed version is
freely available to all I don't see any reason why anyone who needs NTP
and is concerned about security should not run it.
More information about the questions