[ntp:security] Safety of machines behind firewalls in running pre 4.2.8
philip at gladstonefamily.net
Sat Dec 20 05:22:41 UTC 2014
I suspect that a sufficiently motivated attacker can attack machines
(e.g. desktop systems) behind firewalls if they are running a pre-4.2.8
version of ntpd.

The approach is as follows:

* Bad guy adds server into pool.ntp.org and claims 1Gb bandwidth
* Bad guy's machine gets lots of traffic, including traffic from
  vulnerable servers behind firewalls.
* Bad guy can now send the attack packets just after getting requests
  from the vulnerable servers.

In this case, the firewall will forward the attack packet through to the
vulnerable server as it appears to be a response to a request that the

I have pinged Ask to request that he be on the lookout for new servers

I don't think that there is anything that you can do about this, but it
makes me even more nervous....

Been playing with NTP since 1991.
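
Added example, not part of the original message: a toy Python model of outbound-initiated UDP flow tracking, showing why a stateful firewall passes any datagram from a server the inside host has just queried, and which inventoried hosts therefore need the 4.2.8 upgrade. The 30-second timeout, the addresses, the inventory and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

UDP_TIMEOUT = 30.0  # assumed idle timeout (seconds) for a tracked UDP flow

@dataclass
class StatefulUdpFirewall:
    """Toy model of outbound-initiated UDP flow tracking (not a real product)."""
    flows: dict = field(default_factory=dict)  # (src, sport, dst, dport) -> last seen

    def outbound(self, now, src, sport, dst, dport):
        # An inside host sent a datagram: record the flow.
        self.flows[(src, sport, dst, dport)] = now

    def inbound_allowed(self, now, src, sport, dst, dport, payload=b""):
        # Matching uses only the reversed 4-tuple and the flow age;
        # the payload is never looked at.
        seen = self.flows.get((dst, dport, src, sport))
        return seen is not None and now - seen <= UDP_TIMEOUT

def is_pre_428(version):
    """True if an ntpd version string such as '4.2.6p5' is older than 4.2.8."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised ntpd version: {version!r}")
    return tuple(map(int, m.groups())) < (4, 2, 8)

def exposed_hosts(fw, now, inventory):
    """Inside hosts that run pre-4.2.8 ntpd and have a live flow to any server."""
    live = {k[0] for k, seen in fw.flows.items() if now - seen <= UDP_TIMEOUT}
    return sorted(h for h, v in inventory.items() if h in live and is_pre_428(v))

def run_scenario():
    # Constructed addresses (RFC 1918 / RFC 5737) and constructed inventory.
    fw = StatefulUdpFirewall()
    pool, other = ("203.0.113.10", 123), ("198.51.100.7", 123)
    inventory = {"10.0.0.5": "4.2.6p5", "10.0.0.6": "4.2.8"}
    for host in inventory:
        fw.outbound(0.0, host, 123, *pool)
    return {
        "reply_from_queried_server": fw.inbound_allowed(0.5, *pool, "10.0.0.5", 123, b"any bytes"),
        "unsolicited_other_host": fw.inbound_allowed(0.5, *other, "10.0.0.5", 123),
        "after_timeout": fw.inbound_allowed(60.0, *pool, "10.0.0.5", 123),
        "needs_upgrade": exposed_hosts(fw, 0.5, inventory),
    }

if __name__ == "__main__":
    print(run_scenario())
```

The firewall's decision depends only on addresses, ports and timing, so the remaining control in this model is the ntpd version on the inside host.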