Hi Mark,
On 22 December 2014 at 11:02, Mark Felder <f...@freebsd.org> wrote:
> On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
>> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
>> have none of the fixed or unfixed (!) vulnerabilities that are present
>> in ntpd. There's already a port.
>>
>
> Historically OpenNTPD has been dismissed as a candidate because of its
> reduced accuracy and missing security features. For example, it doesn't
> implement the NTPv4 functionality or authentication.
>
> Quite literally the OpenNTPD is vulnerable to a MITM attack because of
> the lack of authentication. Their stance has been that you should trust
> your NTP servers and suggest using a VPN for the NTP traffic. Probably
> not a bad idea, honestly.

Would you say a MITM attack is similar to a forged ntp reply?

If so, have you seen this:
http://quigon.bsws.de/papers/opencon04/ntpd/mgp00018.html


>
> I don't have a qualified opinion, but that should get you on the right
> track if you want to research further.




-- 
-------
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
