Re: NTP security hole CVE-2013-5211?

Board: FB_security, posted 2014/03/21 05:32
Hi--

On Mar 20, 2014, at 12:33 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
> Here is what I am seeing now in response to an ntpdc "peers" query.  I am
> not really all that familiar with this stuff, so if anybody else here can
> tell me if this looks messed up or not, I'd sure appreciate it.
>
>
>      remote           local      st poll reach  delay   offset    disp
> =======================================================================
> =nist.netservice 69.62.255.118   16 1024    0 0.00000  0.000000 3.99217
> =rook.slash31.co 69.62.255.118   16 1024    0 0.00000  0.000000 3.99217
> =96.44.142.5     69.62.255.118   16 1024    0 0.00000  0.000000 3.99217

Reachability score of 0 means you've blocked the communications.

> Of course, if this *is* messed up, then I guess that I'll have to remove
> my firewall rule, and diddle my /etc/ntp.conf file at the same time, in
> order to make sure that the Evil Ones don't come back and use & abuse me
> again.

OK, although you're making this more complicated than it needs to be.

If you don't want to provide NTP service to the outside world, leave your existing deny rule in place but add permit rules to allow UDP traffic to and from the NTP servers which you want to sync time from.

Regards,
-- 
-Chuck

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
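The peer listing quoted in this message can be checked mechanically. The following is an added example, not part of the original thread: it parses `ntpdc` "peers" output and flags servers whose reach value is 0. It assumes reach is printed in octal as an 8-bit history of the last eight polls; the function names are hypothetical and the row for 192.0.2.10 is constructed for contrast.

```python
import re

# Rows 1-3 are the ones quoted in the message; the last row is constructed
# (documentation address 192.0.2.10) to show a reachable peer for contrast.
SAMPLE = """\
     remote           local      st poll reach  delay   offset    disp
=======================================================================
=nist.netservice 69.62.255.118   16 1024    0 0.00000  0.000000 3.99217
=rook.slash31.co 69.62.255.118   16 1024    0 0.00000  0.000000 3.99217
=96.44.142.5     69.62.255.118   16 1024    0 0.00000  0.000000 3.99217
*192.0.2.10      69.62.255.118    2   64  377 0.02100  0.001200 0.01500
"""

ROW = re.compile(
    r"^(?P<flag>.)(?P<remote>\S+)\s+(?P<local>\S+)\s+(?P<st>\d+)\s+(?P<poll>\d+)"
    r"\s+(?P<reach>[0-7]+)\s+(?P<delay>-?[\d.]+)\s+(?P<offset>-?[\d.]+)"
    r"\s+(?P<disp>[\d.]+)\s*$"
)

def parse_peers(text):
    """Return one dict per peer row; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        # Assumption: reach is octal, one bit per poll, newest in the low bit.
        reach = int(m["reach"], 8) & 0xFF
        peers.append({
            "remote": m["remote"],
            "stratum": int(m["st"]),
            "reach": reach,
            "answered": bin(reach).count("1"),  # replies in the last 8 polls
        })
    return peers

def diagnose(peer):
    if peer["reach"] == 0:
        return "unreachable"   # no replies at all (blocked, per the reply above)
    if peer["answered"] < 8:
        return "partial"       # some polls lost, or the association is new
    return "ok"

def report(text):
    return {p["remote"]: diagnose(p) for p in parse_peers(text)}

if __name__ == "__main__":
    for remote, status in report(SAMPLE).items():
        print(f"{remote:<16} {status}")
```

Re-running this after adding permit rules for the chosen servers shows whether replies are getting through: reach climbs from 0 toward 377 as successive polls are answered.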