On 8/13/20 5:48 AM, Hal Murray via devel wrote:
>>> https://bugs.ntp.org/show_bug.cgi?id=3596
>
> That bug talks about feeding bogus time to a system by guessing the transmit
> time stamp.
>
> When ntpd gets a response, it drops responses where the time-stamp it sent
> doesn't match the corresponding slot in the reply. The idea is that most of
> the bits in that slot are predictable so an off path attacker has a good
> chance of getting a bogus response through by guessing the value the server is
> expecting.
>
> There is a draft in the pipeline:
> https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-04
> We implement that.

There is also this (which you forwarded to this list) which might help:
https://datatracker.ietf.org/doc/draft-ietf-ntp-port-randomization/

What's the status of that in NTPsec? I presume "not implemented", but is
it planned?

-- 
Richard
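
Added example, not part of the original message and not NTPsec code: a minimal client-side sketch of the origin-timestamp check described in the quoted text, with the transmit timestamp filled with 64 random bits as in the data-minimization draft. The class and function names are hypothetical, only the first header byte and the transmit timestamp are set, and the server reply is constructed inline.

```python
import hmac
import secrets

NTP_HEADER_LEN = 48
ORIGIN_OFFSET = 24     # origin timestamp field (8 bytes)
TRANSMIT_OFFSET = 40   # transmit timestamp field (8 bytes)
MODE_CLIENT, MODE_SERVER = 3, 4


class Association:
    """Hypothetical client state for one server: at most one request in flight."""

    def __init__(self):
        self.pending = None  # random value sent as the transmit timestamp

    def build_request(self):
        # Data minimization: the transmit timestamp carries 64 random bits
        # instead of the client's clock, so an off-path sender cannot predict it.
        self.pending = secrets.token_bytes(8)
        pkt = bytearray(NTP_HEADER_LEN)
        pkt[0] = (4 << 3) | MODE_CLIENT          # LI=0, VN=4, Mode=3
        pkt[TRANSMIT_OFFSET:TRANSMIT_OFFSET + 8] = self.pending
        return bytes(pkt)

    def accept_reply(self, reply):
        """True only if the reply echoes the value we sent; each value is single-use."""
        if self.pending is None or len(reply) < NTP_HEADER_LEN:
            return False
        if reply[0] & 0x07 != MODE_SERVER:
            return False
        origin = reply[ORIGIN_OFFSET:ORIGIN_OFFSET + 8]
        if not hmac.compare_digest(origin, self.pending):
            return False                          # drop; keep waiting for the real reply
        self.pending = None                       # a replayed copy no longer matches
        return True


def constructed_reply(request, origin=None):
    """Constructed sample reply: copies the request's transmit timestamp into origin."""
    reply = bytearray(NTP_HEADER_LEN)
    reply[0] = (4 << 3) | MODE_SERVER
    echoed = request[TRANSMIT_OFFSET:TRANSMIT_OFFSET + 8] if origin is None else origin
    reply[ORIGIN_OFFSET:ORIGIN_OFFSET + 8] = echoed
    return bytes(reply)
```
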