[ntp:security] [Bug 3114] Broadcast Mode Replay Prevention DoS

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sun Nov 13 20:00:34 UTC 2016


--- Comment #25 from Harlan Stenn <stenn at ntp.org> 2016-11-13 20:00:34 UTC ---

I think your CVSS scores are too high.  While AV:N is possible, it seems
unreasonable.  AV:A is more reasonable.

NTP Broadcasts are *only* expected to be used on trusted network domains.  AV:N
is clearly not a trusted network domain.  And the presence of a replay attack
is evidence that the given network domain is not trustable.

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list