Jared Mauch wrote:
with this public disclosure: http://www.cs.bu.edu/~goldbe/NTPattack.html
And the media coverage:
http://www.csmonitor.com/World/Passcode/2015/1021/Researchers-reveal-how-attackers-could-turn-back-Internet-time
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
How are people going about upgrading their devices in the pool?
As I have written before, all KoD code should simply be removed. It serves no
useful purpose and it introduces an extra risk.
Also, providers should implement BCP38. The internet community should prepare
a plan to turn it into an enforced standard.
Fortunately, all my servers are either directly referenced to local clocks or
to servers I manage myself, and monitored for locking
and time offset. So no risk from this one.
Rob
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
