11 May
2016
11 May
'16
11:13 p.m.
Harlan Stenn writes:
Sharon Goldberg writes:
Well, if you really want to learn about the NTP servers a target is using you can always just sent them a regular NTP timing query (mode 3) and just read off the IP address in the reference ID field of the response (mode 4).
Unless the server is an IPv6 server. This trick only works for IPv4.
And we have a fix for all of this that will be out soon.
Also, the attacker will need to know the correct origin timestamp for the brief window where that attack will work, and even if this happens either the client or the server will see syslog entries alerting to the abuse (if folks are running new enough versions of ntpd). H