Date:      Mon, 22 Dec 2014 13:02:18 -0600
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-security@freebsd.org
Subject:   Re: ntpd vulnerabilities
Message-ID:  <1419274938.916478.205831685.0E7433EA@webmail.messagingengine.com>
In-Reply-To: <201412221745.KAA28186@mail.lariat.net>
References:  <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <B6AF154A-FE22-4357-9031-91D661FD7E57@localhost.lu> <F7FACD2F-3AFE-4717-B4B9-B54A6FC70458@localhost.lu> <201412221745.KAA28186@mail.lariat.net>

On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to have
> none of the fixed or unfixed (!) vulnerabilities that are present in ntpd.
> There's already a port.
> 

Historically OpenNTPD has been dismissed as a candidate because of its
reduced accuracy and missing security features. For example, it doesn't
implement the NTPv4 functionality or authentication.

Quite literally, OpenNTPD is vulnerable to a MITM attack because of
the lack of authentication. Their stance has been that you should trust
your NTP servers and suggest using a VPN for the NTP traffic. Probably
not a bad idea, honestly.

I don't have a qualified opinion, but that should get you on the right
track if you want to research further.


