[ntp:hackers] NTP DoS attack blog post

TGLASSEY tglassey at earthlink.net
Wed Feb 26 13:06:43 UTC 2014


Can we use an optional X509 certificate for this? Cookies and their 
processes don't meet a number of audit requirements. So a cert would be a 
cool option for this.

Todd

On 2/25/2014 10:47 PM, Hal Murray wrote:
> brian.utterback at oracle.com said:
>>> The mrulist command has the infrastructure for using a cookie to get more
>>> data.  It probably wouldn't be very hard to use that on all commands.
>> Which was part of my previously posted proposal for how to deal with this
>> problem long term.
> Then it must be a good idea.  :)
>
> I submitted a bug:
>      https://bugs.ntp.org/show_bug.cgi?id=2571
>      Summary: ntpd and ntpq should use cookies/nonce on all commands, not just
> mrulist
>
> I included a couple of chunks of tcpdump output.
>
> Standard time exchange: 48 => 48
> ntpq -c "rv 0" tom: 12 => 460
> ntpq -c peers tom:  12 => 52, then clumps of 12 => ~600 in 2 packets.
> ntpq -c mrulist tom: 12 => 44, 52 => 452+460+376 (10 clients)
>
>

-- 
-------------

Personal Email - Disclaimers Apply
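
Added illustration, not part of either message and not ntpd's code: a sketch of why the cookie/nonce proposed in bug 2571 limits amplification. A request without a valid nonce gets only a nonce back, so the 12 => 460 case quoted above becomes 12 => 12 for a spoofed source. The HMAC construction, function names, 16-second lifetime and addresses are assumptions made for this sketch.

```python
import hashlib, hmac, os, struct

SECRET = os.urandom(16)   # per-server secret (assumption: rotated periodically)
LIFETIME = 16             # seconds a nonce is accepted (assumed value)

def make_nonce(src_ip, now, secret=SECRET):
    """Stateless 12-byte nonce: timestamp + MAC bound to the source address."""
    ts = struct.pack("!I", now)
    mac = hmac.new(secret, ts + src_ip.encode(), hashlib.sha256).digest()[:8]
    return ts + mac

def nonce_ok(nonce, src_ip, now, secret=SECRET):
    if len(nonce) != 12:
        return False
    (ts,) = struct.unpack("!I", nonce[:4])
    if not 0 <= now - ts <= LIFETIME:
        return False                      # stale or from the future
    return hmac.compare_digest(nonce, make_nonce(src_ip, ts, secret))

def handle(src_ip, nonce, now, big_reply):
    """Bytes the server sends back to src_ip (the claimed UDP source)."""
    if nonce is not None and nonce_ok(nonce, src_ip, now):
        return big_reply
    # No valid nonce: answer with a nonce only. It is as small as the
    # request, and only a host that really receives at src_ip learns it.
    return make_nonce(src_ip, now)

def demo():
    big = b"\0" * 460                     # "rv 0" reply size quoted in the thread
    client, victim = "192.0.2.10", "198.51.100.7"   # documentation addresses
    t = 1_393_400_000                     # constructed timestamp
    results = {}
    # Spoofed 12-byte request claiming to come from the victim: 12 bytes out.
    results["spoofed"] = len(handle(victim, None, t, big))
    # Real client: first round trip fetches the nonce, second gets the data.
    n = handle(client, None, t, big)
    results["legit"] = len(handle(client, n, t + 1, big))
    # Nonce issued to one address replayed with the victim as source: refused.
    results["replayed"] = len(handle(victim, n, t + 1, big))
    # Same nonce after it expired: refused as well.
    results["expired"] = len(handle(client, n, t + LIFETIME + 1, big))
    return results

if __name__ == "__main__":
    for case, size in demo().items():
        print(f"{case:9s} reply = {size} bytes")
```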


