[ntp:hackers] NTP DoS attack blog post

Miroslav Lichvar mlichvar at redhat.com
Thu Feb 27 08:36:36 UTC 2014


On Tue, Feb 25, 2014 at 10:47:40PM -0800, Hal Murray wrote:
> brian.utterback at oracle.com said:
> >> The mrulist command has the infrastructure for using a cookie to get more
> >> data.  It probably wouldn't be very hard to use that on all commands.
> 
> > Which was part of my previously posted proposal for how to deal with this
> > problem long term.
> 
> Then it must be a good idea.  :)
> 
> I submitted a bug:
>     https://bugs.ntp.org/show_bug.cgi?id=2571
>     Summary: ntpd and ntpq should use cookies/nonce on all commands, not just mrulist

Should this block 4.2.8?

One problem is that it would break compatibility with older
ntpq/ntpdc. But I think that would be better than the current state,
where everyone is forced to block all queries by default.

-- 
Miroslav Lichvar
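
To illustrate the cookie/nonce proposal discussed in this thread, here is an added sketch (not part of the original message and not ntpd's own code): the server issues a nonce bound to the requester's source address and refuses larger replies without it, so a query carrying a forged source address gets only a short error. The handler, request fields, nonce layout and lifetime are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

SECRET = os.urandom(32)   # server-local key (assumption: regenerated at startup)
NONCE_LIFETIME = 16       # seconds a nonce stays valid (assumed value)


def make_nonce(client_ip: str, now: int, secret: bytes = SECRET) -> bytes:
    """Stateless nonce: 4-byte timestamp plus a MAC over (timestamp, source address)."""
    ts = struct.pack("!I", now)
    mac = hmac.new(secret, ts + client_ip.encode(), hashlib.sha256).digest()[:16]
    return ts + mac


def check_nonce(nonce: bytes, client_ip: str, now: int, secret: bytes = SECRET) -> bool:
    """Accept only a fresh nonce that was issued to this source address."""
    if len(nonce) != 20:
        return False
    (ts,) = struct.unpack("!I", nonce[:4])
    if not 0 <= now - ts <= NONCE_LIFETIME:
        return False
    # Recompute from the claimed timestamp and compare in constant time.
    return hmac.compare_digest(nonce, make_nonce(client_ip, ts, secret))


def handle_query(src_ip: str, request: dict, now: int) -> dict:
    """Hypothetical query handler: any reply larger than the request needs a nonce."""
    if request.get("op") == "get_nonce":
        # Short reply only, so an unverified address receives nothing worth amplifying.
        return {"nonce": make_nonce(src_ip, now)}
    if not check_nonce(request.get("nonce", b""), src_ip, now):
        return {"error": "bad or missing nonce"}
    return {"data": "x" * 400}   # stands in for a large status reply


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    n = handle_query("192.0.2.10", {"op": "get_nonce"}, 1000)["nonce"]
    print(handle_query("192.0.2.10", {"op": "peers", "nonce": n}, 1005).keys())
    print(handle_query("198.51.100.7", {"op": "peers", "nonce": n}, 1005))
```

Because the nonce is derived from a server secret rather than stored, the server keeps no per-client state, which is also why an older client that never asks for a nonce would stop working, the compatibility cost raised above.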

