Yo Chuck!

On Tue, 10 May 2016 16:18:41 -0400 "Chuck Church" <chuckchurch@gmail.com> wrote:
Ok, annoyance might have been a little light on the severity wording.
Yup.
Still, modifying all your incoming NTP packets from all your sources to actually get your NTP servers to agree on a bad time is tricky. That is assuming you've got multiple links, multiple sources from multiple organizations (more than 4), they're all authenticated, etc.
NTP Authentication (autokey) has been broken, and no one used it anyway. If I have a copy of your ntp.conf I can spoof all your chimers. Not hard at all. This is UDP after all.
Even if a criminal was to do all that damage you listed, it still probably doesn't result in obtaining sensitive data or money that would be the main motivators for such extreme hacking.
Correct, it would just get me fired due to the extended downtime. Or maybe my company just decided to pay the ransom to get un-DoS'ed. I still get fired.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588