NTP security hole CVE-2013-5211?
Charles Swiger
cswiger at mac.com
Thu Mar 20 21:04:42 UTC 2014
Hi--
On Mar 20, 2014, at 12:33 PM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
> Here is what I am seeing now in response to an ntpdc "peers" query. I am
> not really all that familiar with this stuff, so if anybody else here can
> tell me if this looks messed up or not, I'd sure appreciate it.
>
>
> remote local st poll reach delay offset disp
> =======================================================================
> =nist.netservice 69.62.255.118 16 1024 0 0.00000 0.000000 3.99217
> =rook.slash31.co 69.62.255.118 16 1024 0 0.00000 0.000000 3.99217
> =96.44.142.5 69.62.255.118 16 1024 0 0.00000 0.000000 3.99217
Reachability score of 0 means you've blocked the communications.
> Of course, if this *is* messed up, then I guess that I'll have to remove
> my firewall rule, and diddle my /etc/ntp.conf file at the same time, in
> order to make sure that the Evil Ones don't come back and use & abuse me
> again.
OK, although you're making this more complicated than it needs to be.
If you don't want to provide NTP service to the outside world, leave your existing
deny rule in place but add permit rules to allow UDP traffic to and from the
NTP servers which you want to sync time from.
Regards,
--
-Chuck
More information about the freebsd-security
mailing list