nanog mailing list archives

Re: NIST NTP servers

From: Harlan Stenn <stenn () ntp org>
Date: Thu, 12 May 2016 03:13:46 +0000

Harlan Stenn writes:

Sharon Goldberg writes:

Well, if you really want to learn about the NTP servers a target is using
you can always just sent them a regular NTP timing query (mode 3) and just
read off the IP address in the reference ID field of the response (mode 4).


Unless the server is an IPv6 server.  This trick only works for IPv4.

And we have a fix for all of this that will be out soon.


Also, the attacker will need to know the correct origin timestamp for
the brief window where that attack will work, and even if this happens
either the client or the server will see syslog entries alerting to the
abuse (if folks are running new enough versions of ntpd).

H

Current thread:

Re: NIST NTP servers, (continued)
- - - Re: NIST NTP servers Mel Beckman (May 11)
    - Re: NIST NTP servers Scott Whyte (May 11)
    - Re: NIST NTP servers Lamar Owen (May 11)
    - Re: NIST NTP servers Florian Weimer (May 11)
    - Re: NIST NTP servers Valdis . Kletnieks (May 11)
    - Re: NIST NTP servers Eric Kuhnke (May 11)
    - Re: NIST NTP servers Valdis . Kletnieks (May 11)
    - Re: NIST NTP servers Sharon Goldberg (May 11)
    - Re: NIST NTP servers Sharon Goldberg (May 11)
    - Re: NIST NTP servers Harlan Stenn (May 11)
    - Re: NIST NTP servers Harlan Stenn (May 11)
    - Re: NIST NTP servers Andreas Ott (May 11)
    - Re: NIST NTP servers Mel Beckman (May 11)
    - Re: NIST NTP servers Jay R. Ashworth (May 11)
    - Re: NIST NTP servers Majdi S. Abbas (May 11)
    - Re: NIST NTP servers Jared Mauch (May 12)
    - Re: NIST NTP servers Mike (May 12)
- Re: NIST NTP servers Scott Weeks (May 11)
  - Re: NIST NTP servers Gary E. Miller (May 11)
  - Re: NIST NTP servers Eygene Ryabinkin (May 11)
- Re: NIST NTP servers Scott Weeks (May 11)

(Thread continues...)