On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchu...@gmail.com> wrote:
> >It doesn't really. Granted there are a lot of CVEs coming out for >NTP the >last year or so. But I just don't think there are that many >attacks on it. >It's just not worth the effort. Changing time on devices is more >an >annoyance than anything, and doesn't necessarily get you into a >device. >Sure you can hide your tracks a little by altering time in logs >and altering >it back, but that's more of an in-depth nation-state kind of >attack, not >going to be a script kiddie kind of thing. Just follow the best >practices >for verifying packet sources and NTP security itself, and you >should be ok. > >Chuck I would argue that the fact the NTP can, and has been, be used in DDoS amplification attacks is a serious concern for using protocol going forward. allan
