[ntp:hackers] NTP DoS attack blog post
TGLASSEY
tglassey at earthlink.net
Wed Feb 26 13:06:43 UTC 2014
Can we use an optional X509 certificate for this? Cookies and their
processes don't meet a number of audit requirements. So a cert would be a
cool option for this.
Todd
On 2/25/2014 10:47 PM, Hal Murray wrote:
> brian.utterback at oracle.com said:
>>> The mrulist command has the infrastructure for using a cookie to get more
>>> data. It probably wouldn't be very hard to use that on all commands.
>> Which was part of my previously posted proposal for how to deal with this
>> problem long term.
> Then it must be a good idea. :)
>
> I submitted a bug:
> https://bugs.ntp.org/show_bug.cgi?id=2571
> Summary: ntpd and ntpq should use cookies/nonce on all commands, not just
> mrulist
>
> I included a couple of chunks of tcpdump output.
>
> Standard time exchange: 48 => 48
> ntpq -c "rv 0" tom: 12 => 460
> ntpq -c peers tom: 12 => 52, then clumps of 12 => ~600 in 2 packets.
> ntpq -c mrulist tom: 12 => 44, 52 => 452+460+376 (10 clients)
>
>
--
-------------
Personal Email - Disclaimers Apply
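
Added example, not part of the thread and not ntpd's own code: a sketch of the nonce idea discussed above, where a request that carries no valid nonce gets only a small reply, so a forged source address cannot draw the large response. The HMAC construction, the 16-byte nonce layout, the lifetime and all names are assumptions for illustration; the 460-byte reply size is the `rv 0` figure quoted above.

```python
import hashlib
import hmac
import os
import struct

SECRET = os.urandom(32)   # per-server secret (assumption: rotated periodically)
NONCE_LIFETIME = 16       # seconds a nonce stays valid (assumed value)
NONCE_LEN = 16            # 4-byte timestamp + 12-byte truncated MAC (assumed layout)


def make_nonce(client_ip: str, now: int, secret: bytes = SECRET) -> bytes:
    """Stateless nonce bound to the requester's address and the issue time."""
    ts = struct.pack("!I", now)
    mac = hmac.new(secret, ts + client_ip.encode(), hashlib.sha256).digest()[:12]
    return ts + mac


def nonce_ok(nonce: bytes, client_ip: str, now: int, secret: bytes = SECRET) -> bool:
    """Accept only a fresh nonce that this server issued to this address."""
    if len(nonce) != NONCE_LEN:
        return False
    (ts,) = struct.unpack("!I", nonce[:4])
    if not 0 <= now - ts <= NONCE_LIFETIME:
        return False
    return hmac.compare_digest(nonce, make_nonce(client_ip, ts, secret))


def handle_request(src_ip: str, nonce, full_reply: bytes, now: int) -> bytes:
    """Return the bytes the server would send back to src_ip.

    Without a valid nonce the reply is only a fresh nonce (16 bytes), which
    is about the size of the 12-byte request. A host whose address was
    forged never asked for a nonce and never echoes one, so the large
    reply is only sent to an address that has proven it receives replies.
    """
    if nonce is not None and nonce_ok(nonce, src_ip, now):
        return full_reply
    return make_nonce(src_ip, now)


if __name__ == "__main__":
    reply = bytes(460)                       # constructed stand-in for an "rv 0" reply
    t = 1393420000                           # constructed timestamp
    first = handle_request("198.51.100.7", None, reply, t)
    second = handle_request("198.51.100.7", first, reply, t + 1)
    print(len(first), len(second))
```

The cost is one extra round trip per query for legitimate clients, which is the trade the mrulist mechanism already makes.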