rdate(8): correctly specify supported NTP versions

2017-05-03 Thread Ivan Markin
Hello tech@, On receiving a packet with unsupported versions rdate(8) says that "Received NTP version %u, need 4 or lower". This is not quite true. Supported versions are 1, 2, 3, 4 and not 0. Index: ntp.c === RCS file

Re: NTP

2014-12-21 Thread John Long
On Fri, Dec 19, 2014 at 06:22:47PM -0700, Theo de Raadt wrote: > The ntp daemon included in OpenBSD is our own openntpd, written > from scratch. > > openntpd is not vulnerable. Thank you OpenBSD people and project. I just shitcanned ntp on my Linux box and replaced it with openntp

Re: NTP

2014-12-20 Thread Christian Weisgerber
On 2014-12-20, Peter Hessler wrote: >:And it is probably vulnerable to this: >:https://github.com/PentesterES/Delorean >:(tl;dr Man-in-the-Middle) > > OpenNTPd embeds random cookies into several fields of the ntp packet, > the server is required to copy them back into the rep

Re: NTP

2014-12-20 Thread Peter Hessler
;dr ntp authentication is not secure) : OpenNTPd does not do auth at all. :And it is probably vulnerable to this: :https://github.com/PentesterES/Delorean :(tl;dr Man-in-the-Middle) : OpenNTPd embeds random cookies into several fields of the ntp packet, the server is required to copy them back i

Re: NTP

2014-12-20 Thread Hanno Böck
On Fri, 19 Dec 2014 18:22:47 -0700 Theo de Raadt wrote: > openntpd is not vulnerable. Depends on which vulnerability you mean. It is probably vulnerable to this one: http://zero-entropy.de/autokey_analysis.pdf (tl;dr ntp authentication is not secure) And it is probably vulnerable to t

Re: NTP

2014-12-19 Thread Theo de Raadt
cat $i >> allcode; done > > $ egrep -v '[:blank:]*/?\*' allcode | grep -v "^ *$" | wc -l > > 192870 > > > > This is ntp-4.2.8 A rough estimate but close enough if we are comparing to > > a know solution that is <5000. That is a factor of 6

Re: NTP

2014-12-19 Thread J Sisson
gt; $ for i in $(find . -name "*.[ch]"); do cat $i >> allcode; done > $ egrep -v '[:blank:]*/?\*' allcode | grep -v "^ *$" | wc -l > 192870 > > This is ntp-4.2.8 A rough estimate but close enough if we are comparing to > a know solution that is <

Re: NTP

2014-12-19 Thread trondd
ep -v '[:blank:]*/?\*' allcode | grep -v "^ *$" | wc -l 192870 This is ntp-4.2.8 A rough estimate but close enough if we are comparing to a know solution that is <5000. Keep up the good work. Tim.

NTP

2014-12-19 Thread Theo de Raadt
The ntp daemon included in OpenBSD is our own openntpd, written from scratch. openntpd is not vulnerable. Around 10 years ago it was written by Henning, at my request because the ntpd source code scared the hell out of us. At the time communications with the ntp team showed they had little