[ntp:questions] Receiving a message with imsg type - 15

David Woolley david at ex.djwhome.demon.invalid
Thu Aug 25 22:24:11 UTC 2011


Miguel Gonçalves wrote:

> In my opinion, totally unnecessary. Some people on the Internet are strange. 
> 
> If you don't have anything to say why waste your time? Perhaps you have a lot of free time?

Although I don't always agree with Unruh, I think he was quite right 
here.  He understated the DoS vulnerability and told the OP what was 
necessary to have a reasonable chance of getting a useful answer.

In fact, a quick Google suggests that this is nothing to do with the 
reference implementation, for which this forum, and the attached mailing 
list, have expertise, but some openbsd software, possibly their openntpd 
package, which, at least at one time, was really an SNTP package.

These messages actually seem to exist to allow a narrow interface to a 
security kernel that does the actual privileged operations, so not 
validating them is particularly bad from a security point of view.

Yes it is definitely OpenNTPD.  Although I cannot find a link from the 
project page to a forum or other support mechanism, the OP needs to go 
to the openBSD community if he has specific reasons to use openNTPD.

Telling us it was openNTPD from the start would have avoided wasted time.



More information about the questions mailing list