[time-nuts] When NTP goes wrong...
Florian Teply
usenet at teply.info
Sat Oct 24 10:36:14 UTC 2015
Am Wed, 21 Oct 2015 22:54:15 -0700
schrieb Rob Seaman <seaman at noao.edu>:
> Mark Sims said:
>
> > Ars Technica just put up a piece on the effects of various attacks
> > on NTP with a link to the original paper.
> >
> > http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/
>
>
> The Network Time Foundation (through Harlan Stenn’s hard work) has
> already released a patch synchronized with the publication of the
> referenced paper from Boston University:
>
> http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/
>
> Many of the comments on the Ars Technica piece are quite naive
> regarding timekeeping issues. This reflects an ongoing need for
> public education that Time-nuts as well as NTF can help supply.
>
In my opinion, it would be interesting to know if other implementations
are affected as well.
Until now, I've come across the ntp mentioned above, maintained by
the network time foundation.
But there's also openntpd, maintained by the OpenBSD guys, and ntimed
by PHK, which IIRC both claim to address security. Likely there afre
even more out there...
But if I read that article on ars technica correctly, it looks like it
is something inherent to the ntp protocol itself and the definitions it
makes.
Poul-Henning, would you care to comment on that for ntimed?
Best regards,
Florian
More information about the Time-nuts_lists.febo.com
mailing list