> On Oct 21, 2015, at 3:28 PM, Kurt Roeckx <[email protected]> wrote: > >> On Wed, Oct 21, 2015 at 03:13:02PM -0400, Jared Mauch wrote: >> with this public disclosure: http://www.cs.bu.edu/~goldbe/NTPattack.html >> >> And the media coverage: >> >> http://www.csmonitor.com/World/Passcode/2015/1021/Researchers-reveal-how-attackers-could-turn-back-Internet-time > > There is also: > http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html
I'd plan an upgrade. Several remotes and several DoS issues were disclosed beyond the ability to change time, even if you have a local ref clock. > > > Kurt > > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
