[ntp:questions] Receiving a message with imsg type - 15
David Woolley
david at ex.djwhome.demon.invalid
Thu Aug 25 22:24:11 UTC 2011
Miguel Gonçalves wrote:
> In my opinion, totally unnecessary. Some people on the Internet are strange.
>
> If you don't have anything to say why waste your time? Perhaps you have a lot of free time?
Although I don't always agree with Unruh, I think he was quite right
here. He understated the DoS vulnerability and told the OP what was
necessary to have a reasonable chance of getting a useful answer.
In fact, a quick Google suggests that this is nothing to do with the
reference implementation, for which this forum, and the attached mailing
list, have expertise, but some openbsd software, possibly their openntpd
package, which, at least at one time, was really an SNTP package.
These messages actually seem to exist to allow a narrow interface to a
security kernel that does the actual privileged operations, so not
validating them is particularly bad from a security point of view.
Yes it is definitely OpenNTPD. Although I cannot find a link from the
project page to a forum or other support mechanism, the OP needs to go
to the openBSD community if he has specific reasons to use openNTPD.
Telling us it was openNTPD from the start would have avoided wasted time.
More information about the questions
mailing list