[ntp:security] [Bug 3592] DoS attack on client ntpd

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Dec 16 07:47:42 UTC 2019


Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
             Status|CONFIRMED                   |IN_PROGRESS
         AssignedTo|stenn at ntp.org               |perlinger at ntp.org

--- Comment #6 from Juergen Perlinger <perlinger at ntp.org> 2019-12-16 07:47:42 UTC ---
Created attachment 1701
  --> https://bugs.ntp.org/attachment.cgi?id=1701
prevent poll DoS, v0.00

I think the culprit was a call to 'poll_update()' that was called "just to be
sure" even if the packet was rejected because of the flashers. Add to this the
capability of 'poll_update()' to postpone the next poll (rate limit and alike)
and we end exactly in the mess we found.

I tried to tackle this from two ends: 1st, by *not* calling 'poll_update()'
when the packet was rejected, 2nd, by making sure the next poll cannot be
delayed indefinitely. The current/released code also moved the schedule for
symmetric interleave mode on bad packets. This phase adjustment is now also
done only if the packet was actually considered valid.

Miroslav, any tests, comments, or further input is warmly welcome.

Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list