[time-nuts] When NTP goes wrong...

Paul tic-toc at bodosom.net
Sat Oct 24 10:29:14 EDT 2015


On Sat, Oct 24, 2015 at 6:36 AM, Florian Teply <usenet at teply.info> wrote:

> Am Wed, 21 Oct 2015 22:54:15 -0700
> schrieb Rob Seaman <seaman at noao.edu>:
>
> > The Network Time Foundation (through Harlan Stenn’s hard work) has
> > already released a patch synchronized with the publication of the
> > referenced paper from Boston University:
>

By the way, if you're running a public-facing instance (client or server)
the patches in 4.2.8p4 and 4.3.76 are incomplete and don't fix the worst
potential problem. If you're concerned about the rate limiting attacks
the current best practice is to firewall and disable rate limiting. There
are follow-up patches floating about if you want to attempt to resolve the
problem locally.

> In my opinion, it would be interesting to know if other implementations
> are affected as well.
>

Any implementation that does spoof-able rate limiting can be attacked.  I
don't see any mention of that in the OpenBSD conf file nor any mention in
the ntimed on github.


> But if I read that article on ars technica correctly, it looks like it
> is something inherent to the ntp protocol itself and the definitions it
> makes.
>

There are various programs that can exchange packets with a Network Time
Foundation (NTF) ntpd (ntimed, openntpd, chrony, sntp etc. etc.) but that
don't implement the many many features in the NTF versions. Perhaps
that's why none of those programs call themselves ntpd.

Interested parties can follow this on the ntp-pool and ntp-hackers lists.
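An added example, not code from this post or from the NTP project: a small audit script that flags ntpd `restrict` lines carrying the rate-limiting flags (`limited`, which enables the `discard`-based limits, and `kod`, which sends Kiss-o'-Death packets when a client is limited) and prints the same line with those flags removed, which is the "disable rate limiting" half of the advice above. The sample ntp.conf it parses is constructed; the function and type names are my own.

```python
"""Audit ntp.conf 'restrict' lines for rate limiting ('limited' and 'kod').

Added example, not code from the post or from the NTP project. The sample
config below is constructed; 'limited' and 'kod' are the real ntpd restrict
flags that turn rate limiting on.
"""
from typing import NamedTuple

# Restrict flags that enable rate limiting in ntpd.
RATE_LIMIT_FLAGS = {"limited", "kod"}


class Finding(NamedTuple):
    line_no: int
    original: str   # the restrict line as found (comment stripped)
    hardened: str   # the same line with the rate-limiting flags removed


def strip_rate_limiting(line: str) -> str:
    """Return a restrict line with 'limited' and 'kod' removed, other flags intact."""
    kept = [tok for tok in line.split() if tok not in RATE_LIMIT_FLAGS]
    return " ".join(kept)


def audit_ntp_conf(text: str) -> list[Finding]:
    """Find every 'restrict' line that turns on rate limiting."""
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line.startswith("restrict"):
            continue
        if RATE_LIMIT_FLAGS & set(line.split()[1:]):
            findings.append(Finding(n, line, strip_rate_limiting(line)))
    return findings


# Constructed sample configuration with the common rate-limiting default line.
SAMPLE_CONF = """\
# constructed sample ntp.conf
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery limited   # rate limits on
restrict -6 default kod nomodify notrap nopeer noquery limited
restrict 127.0.0.1
restrict ::1
discard minimum 1 average 3
"""

if __name__ == "__main__":
    for f in audit_ntp_conf(SAMPLE_CONF):
        print(f"line {f.line_no}: {f.original}\n    -> {f.hardened}")
```

Without `limited` the `discard` line no longer has any effect, so the server answers every query it receives; that is why the post pairs disabling rate limiting with a firewall that decides who may reach the daemon at all.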

