Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: ntpd upgrade to prevent spoofed looping - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ntpd upgrade to prevent spoofed looping

Martin wrote in to point to VU #568372. It contains a description of a vulnerability (CVE-2009-3563) in the reference implementation of ntpd, which will sound very familiar for any dog owner seeing his pet chase it's own tail. Basically all that's needed is a single spoofed packet to set of ntp daemons to start endlessly sending messages to themselves or to each-other.

Filtering in the short term is a possible workaround, but upgrading your ntp software to at least version 4.2.4p8 is a far better long term strategy.

Note that this software is often embedded in various devices and operating systems, so upgrading it might take a bit of effort in tracking it all down.

Swa Frantzen -- Section 66


760 Posts
Dec 9th 2009

Sign Up for Free or Log In to start participating in the conversation!