On Fri, Sep 07, 2001 at 09:50:50AM +0800, Ronald Warner wrote:
> I don't want to create another server just for the sole purpose of
> getting the correct time. Can I add this to a DNS server? Is it safe?
> And how much of a load does it make?
>
Last I heard, the David Mills NTPD had a buffer overflow that could be
used for remote root. However, it's a UDP-BASED exploit, and so I've
never heard of anyone writing an exploit for it that could be used to
make a root shell. The size of the buffer being overflowed is too
small to make such an attack practical I hear, but nevertheless...

You CAN use it however, just take the following precautions:

1. Set up the ntpd rules so it will not accept any synch requests from
   anybody.
2. Set up a firewall rule to filter all connections to TCP and UDP
   port 123.
3. Set up your xntpd to use non-privileged ports for its communication
   (so you won't need to unblock port 123 for the NTP server you're
   trying to talk to).

By the way, Inter.Net will soon be setting up a GPS NTP server here
(once we can figure out where to put the thing so it can see the
sky!)...

Another alternative will be to put ntpdate in your crontab, but this
is less accurate and less efficient.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8
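
A check for precaution 1 above, as an added example that is not part of the original message: it reads an ntp.conf and reports where ntpd would still answer hosts other than its configured upstream servers. The sample configuration and the address 192.0.2.10 are constructed; `restrict` with `ignore`, `nomodify`, `notrap`, `noquery` and `mask` are standard ntpd access-control keywords.

```python
# Added example: audit ntp.conf text for a "serve nobody" restrict policy.
SAMPLE_CONF = """\
server 192.0.2.10
restrict default nomodify        # still answers time and status queries
restrict 127.0.0.1
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
"""  # constructed sample; 192.0.2.10 is a documentation address

LOOPBACK = {"127.0.0.1", "::1"}
NEEDED = {"nomodify", "notrap", "noquery"}  # expected on upstream entries

def parse(conf):
    """Return (servers, {address: flag set}) from ntp.conf text."""
    servers, restricts = set(), {}
    for line in conf.splitlines():
        tok = [t for t in line.split("#")[0].split() if t not in ("-4", "-6")]
        if len(tok) < 2:
            continue
        if tok[0] in ("server", "peer"):
            servers.add(tok[1])
        elif tok[0] == "restrict":
            flags, rest = set(), iter(tok[2:])
            for t in rest:
                if t == "mask":
                    next(rest, None)      # skip the netmask value
                else:
                    flags.add(t)
            # If an address appears twice, keep only flags common to both lines.
            restricts[tok[1]] = restricts.get(tok[1], flags) & flags
    return servers, restricts

def audit(conf):
    """List findings where the config answers hosts it should ignore."""
    servers, restricts = parse(conf)
    default_ignore = "ignore" in restricts.get("default", set())
    out = [] if default_ignore else ["default: policy is not 'ignore'"]
    for addr, flags in sorted(restricts.items()):
        if addr == "default" or addr in LOOPBACK or "ignore" in flags:
            continue
        if addr not in servers:
            out.append(f"{addr}: allowed but not a configured server")
        elif not NEEDED <= flags:
            out.append(f"{addr}: missing {' '.join(sorted(NEEDED - flags))}")
    if default_ignore:  # 'ignore' also drops replies from unlisted upstreams
        for s in sorted(servers - set(restricts)):
            out.append(f"{s}: no restrict entry, so its replies are ignored too")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "ok")
```
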
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph