SANS ISC: InfoSec Handlers Diary Blog

ntpd upgrade to prevent spoofed looping

Published: 2009-12-09
Last Updated: 2009-12-09 14:10:04 UTC
by Swa Frantzen (Version: 1)

Martin wrote in to point to VU #568372. It describes a vulnerability (CVE-2009-3563) in the reference implementation of ntpd, which will sound very familiar to any dog owner who has watched a pet chase its own tail. Basically, a single spoofed packet is all that's needed to set ntp daemons off endlessly sending messages to themselves or to each other.

Filtering is a possible short-term workaround, but upgrading your ntp software to at least version 4.2.4p8 is a far better long-term strategy.

Note that this software is often embedded in various devices and operating systems, so upgrading it might take a bit of effort in tracking it all down.

Swa Frantzen -- Section 66
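
An added example, not part of the original diary or of the ntp project: a small inventory check that flags ntpd version banners older than the 4.2.4p8 threshold named above. The host names and banner strings are constructed, and the check assumes plain upstream version numbering; it cannot see vendor-backported fixes and ignores suffixes such as release-candidate tags.

```python
import re

# Minimum fixed release named in the diary entry.
FIXED = "4.2.4p8"

# ntp versions look like 4.2.4p8: three dotted numbers plus an optional
# "p<N>" patch level. The patch level must be compared as a number.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntp_version(text):
    """Return (major, minor, point, patch) from a banner, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, point, patch = m.groups()
    return (int(major), int(minor), int(point), int(patch or 0))


def needs_upgrade(banner, fixed=FIXED):
    """True if older than `fixed`, False if not, None if unparseable."""
    found = parse_ntp_version(banner)
    if found is None:
        return None  # unknown: a human has to look at this device
    return found < parse_ntp_version(fixed)


# Constructed sample inventory (hypothetical hosts and banners).
INVENTORY = {
    "core-rtr-1": "ntpd 4.2.4p7@1.1607-o",
    "ntp-a": "ntpd 4.2.4p8@1.1612-o",
    "ntp-b": "4.2.4p10",  # a string compare would wrongly call this old
    "old-appliance": "ntpd 4.2.0a",
    "printer-3": "version unknown",
}


def audit(inventory):
    """Map each host to True (upgrade), False (ok) or None (check by hand)."""
    return {host: needs_upgrade(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    labels = {True: "UPGRADE", False: "ok", None: "CHECK MANUALLY"}
    for host, result in audit(INVENTORY).items():
        print(f"{host:15} {labels[result]}")
```

Devices that land in the "CHECK MANUALLY" bucket are typically the embedded ones the diary warns about, where the vendor's firmware release notes are the only reliable source.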

Keywords: DoS ntp ntpd