On Wed, Jan 15, 2014 at 11:36 AM, Nicolai <nicolai-om...@chocolatine.org> wrote:
> So, is it correct to say that OpenNTPD is immune from generating large
> amplifications? (Recent articles on the subject mention 100x
> amplification factors!)

It looks like the recent CVEs are about ntp.org ntpd implementing some private extensions that export additional information for monitoring purposes (e.g., REQ_MON_GETLIST and REQ_MON_GETLIST_1 via "private" mode 7 requests). OpenNTPD in server mode ignores packets that aren't in "client" or "symmetric active" modes (see server_dispatch() in usr.sbin/ntpd/server.c), so it looks unaffected to me.
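
The mode filter described in the reply above, sketched as an added example that is not part of the original message and is not OpenNTPD's own code. The names `reply_mode` and `reply_len` are hypothetical, the sample packets are constructed, and the fixed 48-byte reply is an assumption of this sketch (basic NTP header, no authenticator).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First byte of an NTP packet: LI (2 bits), VN (3 bits), Mode (3 bits). */
#define NTP_MODE_MASK	0x07
#define NTP_HDR_LEN	48	/* basic header, no authenticator (assumption) */

enum ntp_mode {
	MODE_SYM_ACT = 1, MODE_SYM_PAS = 2, MODE_CLIENT = 3, MODE_SERVER = 4,
	MODE_BROADCAST = 5, MODE_CONTROL = 6, MODE_PRIVATE = 7
};

/* Constructed samples: only the first byte is set, the rest is zero. */
static const uint8_t sample_client[NTP_HDR_LEN] = { 0x23 };	/* VN=4 Mode=3 */
static const uint8_t sample_symact[NTP_HDR_LEN] = { 0x21 };	/* VN=4 Mode=1 */
static const uint8_t sample_private[NTP_HDR_LEN] = { 0x17 };	/* VN=2 Mode=7 */

/* Hypothetical helper: mode to answer with, or -1 to drop without a reply. */
static int
reply_mode(const uint8_t *pkt, size_t len)
{
	if (pkt == NULL || len < NTP_HDR_LEN)
		return -1;		/* truncated or missing datagram */
	switch (pkt[0] & NTP_MODE_MASK) {
	case MODE_CLIENT:
		return MODE_SERVER;
	case MODE_SYM_ACT:
		return MODE_SYM_PAS;
	default:			/* broadcast, control (6), private (7) */
		return -1;
	}
}

/* Bytes sent back: one fixed-size header or nothing, so never > request. */
static size_t
reply_len(const uint8_t *pkt, size_t len)
{
	return reply_mode(pkt, len) < 0 ? 0 : NTP_HDR_LEN;
}

int
main(void)
{
	printf("client:  reply %zu bytes\n",
	    reply_len(sample_client, sizeof(sample_client)));
	printf("private: reply %zu bytes\n",
	    reply_len(sample_private, sizeof(sample_private)));
	return 0;
}
```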