[time-nuts] When NTP goes wrong...
Harlan Stenn
stenn at ntp.org
Sun Oct 25 20:52:28 EDT 2015
Neil Schroeder writes:
> I would like to respond in a generic and sweeping way - having not read in
> the detail Bob layed out for us required to fully analyze the situation -
> to the notion that circuit level access or prior topological knowledge is
> required to exploit this or any other spoofing attack. On a corporation or
> education network, I could generate such malformed packets with almost no
> effort as long as i had my Mac or a similarly not-windows device, or access
> to one. I estimate it'd take less than 5 minutes for me to do for the
> majority of targets - which means any motivated party could within an hour
> or two. I'm not warranting I would succeed - hopefully there would be a
> real firewall SOMEWHERE in the path from the open internet to a real
> physical host.
I invite you to take 5-15 minutes' time and find out. I won't ask you
to (and I hope you don't) publish too much information on what you find
out, because that initial hurdle is "big enough" to keep the majority of
miscreants at bay. However, give a tool to a script-kiddie...
But please do take a bit of time and try to implement this attack.
Once you are there, I'd appreciate any suggestions hou might have
regarding mitigation.
--
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!
More information about the time-nuts
mailing list