[ntp:questions] Re: "Listen on" semantics
stenn at ntp.isc.org
Wed Sep 20 22:30:35 UTC 2006
>>> In article <45110BAE.8040106 at skopos.be>, xntp at skopos.be (Luc Pardon) writes:
Lots of good stuff.
Luc> Case in point #1: back in 2001, there was a bug in - yes - (x)ntpd
Luc> that allowed remote root access. See, for example:
First, please compare this history to other root-running processes and tell
me how (x)ntpd compares. Especially given the length of time (x)ntpd has
been in the field.
Second, thanks for that URL; as I recall I heard *claims* that a root
exploit was possible but I never saw something that demonstrated it. I do
recall looking at code that *claimed* to produce a root shell, but neither I
nor any of the folks I talked to was able to reproduce this.
I'll add this to my queue of things to look at, anyway.
Luc> Case in point #2: only last week, my logs were being flooded
Luc> because somebody sent icmp port unreachable packets to udp/123. Each
Luc> packet is good for about 80 bytes of wasted disk space. A determined
Luc> attacker, starting on Friday evening, could use a high-speed line to
Luc> fill up a multi-gigabyte disk and have free game by Sunday
Luc> afternoon. By that time none of his actions will be logged anymore
Luc> because of disk full. By Monday morning, the sysadmin will scratch his
Luc> head over the "connection refused"'s and may not even know he's been
Fair point, and Real Soon Now we're going to have better configuration
control over logfiles. And I thought syslog() was pretty good about "Last
message repeated N times".
Regardless, I would like to see all these issues resolved, and I'm happy to
work cooperatively with anybody to see this happen.
More information about the questions