Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: ntpd upgrade to prevent spoofed looping - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ntpd upgrade to prevent spoofed looping

Martin wrote in to point to VU #568372. It contains a description of a vulnerability (CVE-2009-3563) in the ntpd.org reference implementation of ntpd, which will sound very familiar for any dog owner seeing his pet chase it's own tail. Basically all that's needed is a single spoofed packet to set of ntp daemons to start endlessly sending messages to themselves or to each-other.

Filtering in the short term is a possible workaround, but upgrading your ntp software to at least version 4.2.4p8 is a far better long term strategy.

Note that this software is often embedded in various devices and operating systems, so upgrading it might take a bit of effort in tracking it all down.

--
Swa Frantzen -- Section 66

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!