[ntp:security] reproducing mode 7 ping pong

Harlan Stenn stenn at ntp.org
Wed Oct 14 04:08:53 UTC 2009


Danny,

You seem to have completely missed the point.

I asked because other folks will want to run their own tests, to prove
to themselves that the problem is fixed.

H
--
> Harlan,
> 
> Believe me, nothing revolves around me. Trust me, I know.
> 
> I thought you understood this so I didn't think I needed to explain so I
> will explain below.
> 
> Dmitri showed one attack vector using a too small packet and forging the
> IP address source, usual stuff that hackers do, resulting in a ping-pong
> between two nodes. Dave Hart's patch just shows another way of doing the
> same thing, though it does assume that there is a version of ntpd
> running on the same node as the ntpdc client being used to mount the
> attack. Neither of the attack vectors is as important as the target of the
> attack which I had already identified as a result of Dmitri's report.
> The patch that I issued closes all of the possible methods of
> accomplishing such an attack which I had to check one at a time to
> ensure that the attack cannot succeed. It's not the attack method that's
> important, it's the fix to prevent the attacks from succeeding in the
> first place and ensuring that needs to be verified to be certain that
> there is no method that will allow it to succeed.
> 
> Danny
> 
> Harlan Stenn wrote:
> > Danny,
> > 
> > The universe is bigger than you, or you and the folks on this mailing
> > list, or the developers who work on the code.
> > 
> > H
> > 
> >> Dave Hart wrote:
> >>> With ntpdc alone you can't trigger the DoS, to see the impact on ntpd
> >>> in the one-ntpd and two-ntpd cases.  Putting the triggering code in
> >>> ntpd avoids the need to forge the source address.
> >> Right, but you don't need to do that to test the patch since we already
> >> know the attack vector and fixing the code to drop bad data is
> >> sufficient, though there is nothing wrong with testing the DoS itself.
> >>
> >> Danny
> > 
> > 
> 
> 

