Am Wed, 21 Oct 2015 22:54:15 -0700 schrieb Rob Seaman <[email protected]>:
> Mark Sims said: > > > Ars Technica just put up a piece on the effects of various attacks > > on NTP with a link to the original paper. > > > > http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/ > > > The Network Time Foundation (through Harlan Stenn’s hard work) has > already released a patch synchronized with the publication of the > referenced paper from Boston University: > > http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/ > > Many of the comments on the Ars Technica piece are quite naive > regarding timekeeping issues. This reflects an ongoing need for > public education that Time-nuts as well as NTF can help supply. > In my opinion, it would be interesting to know if other implementations are affected as well. Until now, I've come across the ntp mentioned above, maintained by the network time foundation. But there's also openntpd, maintained by the OpenBSD guys, and ntimed by PHK, which IIRC both claim to address security. Likely there afre even more out there... But if I read that article on ars technica correctly, it looks like it is something inherent to the ntp protocol itself and the definitions it makes. Poul-Henning, would you care to comment on that for ntimed? Best regards, Florian _______________________________________________ time-nuts mailing list -- [email protected] To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
