Hello tech@,
On receiving a packet with unsupported versions rdate(8) says
that "Received NTP version %u, need 4 or lower". This is not quite
true. Supported versions are 1, 2, 3, 4 and not 0.
Index: ntp.c
===
RCS file
On Fri, Dec 19, 2014 at 06:22:47PM -0700, Theo de Raadt wrote:
> The ntp daemon included in OpenBSD is our own openntpd, written
> from scratch.
>
> openntpd is not vulnerable.
Thank you OpenBSD people and project.
I just shitcanned ntp on my Linux box and replaced it with openntp
On 2014-12-20, Peter Hessler wrote:
>:And it is probably vulnerable to this:
>:https://github.com/PentesterES/Delorean
>:(tl;dr Man-in-the-Middle)
>
> OpenNTPd embeds random cookies into several fields of the ntp packet,
> the server is required to copy them back into the rep
;dr ntp authentication is not secure)
:
OpenNTPd does not do auth at all.
:And it is probably vulnerable to this:
:https://github.com/PentesterES/Delorean
:(tl;dr Man-in-the-Middle)
:
OpenNTPd embeds random cookies into several fields of the ntp packet,
the server is required to copy them back i
On Fri, 19 Dec 2014 18:22:47 -0700
Theo de Raadt wrote:
> openntpd is not vulnerable.
Depends on which vulnerability you mean.
It is probably vulnerable to this one:
http://zero-entropy.de/autokey_analysis.pdf
(tl;dr ntp authentication is not secure)
And it is probably vulnerable to t
cat $i >> allcode; done
> > $ egrep -v '[:blank:]*/?\*' allcode | grep -v "^ *$" | wc -l
> > 192870
> >
> > This is ntp-4.2.8 A rough estimate but close enough if we are comparing to
> > a know solution that is <5000.
That is a factor of 6
gt; $ for i in $(find . -name "*.[ch]"); do cat $i >> allcode; done
> $ egrep -v '[:blank:]*/?\*' allcode | grep -v "^ *$" | wc -l
> 192870
>
> This is ntp-4.2.8 A rough estimate but close enough if we are comparing to
> a know solution that is <
ep -v '[:blank:]*/?\*' allcode | grep -v "^ *$" | wc -l
192870
This is ntp-4.2.8 A rough estimate but close enough if we are comparing to
a know solution that is <5000.
Keep up the good work.
Tim.
The ntp daemon included in OpenBSD is our own openntpd, written
from scratch.
openntpd is not vulnerable.
Around 10 years ago it was written by Henning, at my request because
the ntpd source code scared the hell out of us. At the time
communications with the ntp team showed they had little