[ntp:security] reproducing mode 7 ping pong
stenn at ntp.org
Tue Oct 13 05:06:17 UTC 2009
The universe is bigger than you, or you and the folks on this mailing
list, or the developers who work on the code.
> Dave Hart wrote:
> > With ntpdc alone you can't trigger the DoS, to see the impact on ntpd
> > in the one-ntpd and two-ntpd cases. Putting the triggering code in
> > ntpd avoids the need to forge the source address.
> Right but you don't need to do that to test the patch since we already
> know the attack vector and fixing the code to drop bad data is
> sufficient though there is nothing wrong with testing this the DOS itself.
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> security mailing list
> security at lists.ntp.org
More information about the security