[ntp:security] Amplification DDoS vulnerabilities in Cisco's NTP server implementation(s)

Kevin Saling (saling) saling at cisco.com
Fri Aug 16 15:05:52 UTC 2013


This will be tracked on the Cisco side as case PSIRT-1589664572.

--
Kevin Saling
Cisco Systems
Incident Manager, Cisco PSIRT
Product Security Incident Response Team
PGP Key 0x6873F71B



On 8/16/13 7:00 AM, Clay Kossmeyer wrote:
> 
> Thanks Harlan and Christian, we'll wait to hear from CERT regarding their communication plan, etc.
> 
> Clay
> 
> On Aug 16, 2013, at 7:53 AM, Harlan Stenn <stenn at ntp.org> wrote:
> 
>> Cisco folks,
>>
>> It may not need to be said but just to be sure, please make no
>> announcements about this situation until the CERT announcement schedule
>> is made.
>>
>> Network Time Foundation has Certification and Compilance programs to
>> help make sure these and other damaging and potentially embarrassing
>> events will not happen, and these programs are available to
>> institutional members of Network Time Foundation.  I again offer to talk
>> with folks at Cisco about these opportunities and the very real benefits
>> they can bring.
>> -- 
>> Harlan Stenn <stenn at ntp.org>
>> http://networktimefoundation.org - be a member!
> 


More information about the security mailing list