Hi,

On 18-Jan-01 Christian Schweingruber wrote:
> hi
> is there a risk in opening the firewall to the Internet for port 123 (TCP and UDP) for synchronisation (Network Time Protocol)?
AFAIK there's no handy way to exploit this protocol and/or certain applications (xntp, ntpdate) in order to root a machine. The problem here may be timing or replay attacks, with a clock forgery beforehand and a replay of certain traffic afterwards. There are a number of tools which can be used for this. However, this is a quite esoteric approach and is not very common amongst 'dem black hatz, because NTP does not sync all clocks in one big rush but corrects them slowly. A timing attack would therefore have a very, very small window, almost too small for most of the script kids, I suppose.

If you want to synchronize your servers via the net, you should choose only a few (or a single) NTP host(s). Anyway, it's highly recommended to use radio-controlled clocks to supply your hosts with a correct time setting. These clocks are supported by Linux and are not too expensive.

Boris
> Greetings,
> Chrigu Schweingruber
> --
> Homepage: http://www.kolk.ch/chrigu  http://www.catatec.ch
> PGP key: http://www.kolk.ch/chrigu/Pgp.txt
> phone: +41 31 330 26 33 private, +41 31 330 26 30 office, +41 31 330 26 32 FAX
> icq#: 27628141
---
Boris Lorenz
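Added example, not code from this thread or from any NTP implementation: a minimal RFC 5905 client-side packet builder and validator, run offline on constructed packets. It makes concrete the two points above that a practitioner would want to check: why a replayed capture or a blind forgery is discarded before it ever reaches the clock (the reply's origin timestamp must equal the transmit timestamp the client sent), and why a large clock forgery is refused outright rather than slowly applied (the offset sanity thresholds). The 128 ms step and 1000 s panic thresholds are ntpd's defaults as I know them and are an assumption of this example; the packet values, function names and the reference ID are all constructed for illustration.

```python
"""Minimal NTP v4 client-side validation on constructed packets (RFC 5905).

Added example: not from the original thread or from ntpd/chrony/ntpdate.
"""
import struct

# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/origin/receive/transmit timestamps (64-bit).
NTP_FORMAT = "!BBBbIIIQQQQ"
NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
PANIC_THRESHOLD = 1000.0        # assumed ntpd default: refuse larger offsets (unless started with -g)
STEP_THRESHOLD = 0.128          # assumed ntpd default: step above this, slew below


def to_ntp_ts(unix_seconds):
    """Unix time (float seconds) -> 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32))
    return ((whole + NTP_EPOCH_OFFSET) << 32) | (frac & 0xFFFFFFFF)


def from_ntp_ts(ts):
    """64-bit NTP timestamp -> Unix time (float seconds)."""
    return ((ts >> 32) - NTP_EPOCH_OFFSET) + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(t1_unix):
    """Client request (mode 3): only the transmit timestamp T1 is filled in.
    Real clients randomise the low-order bits of T1 so an off-path attacker
    cannot predict the origin timestamp the client will later check."""
    header = (0 << 6) | (4 << 3) | 3        # LI=0, VN=4, Mode=3 (client)
    return struct.pack(NTP_FORMAT, header, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp_ts(t1_unix))


def sent_transmit_ts(request):
    """Transmit timestamp (T1) of a request we sent, as raw NTP format."""
    return struct.unpack("!Q", request[40:48])[0]


def build_response(origin_ts, t2_unix, t3_unix, stratum=2, leap=0):
    """Constructed server reply (mode 4) for offline testing. A genuine server
    copies the request's transmit timestamp into the origin field; a replayed
    or blindly forged reply carries some other value."""
    header = (leap << 6) | (4 << 3) | 4      # VN=4, Mode=4 (server)
    ref_id = 0x47505300                      # constructed: "GPS\0"
    return struct.pack(NTP_FORMAT, header, stratum, 6, -20, 0, 0, ref_id,
                       to_ntp_ts(t2_unix), origin_ts, to_ntp_ts(t2_unix), to_ntp_ts(t3_unix))


def evaluate_response(request, response, t4_unix):
    """Apply the client-side sanity checks to a reply and compute offset/delay.
    Returns {'verdict': 'reject'|'step'|'slew', ...} with a 'reason' on reject."""
    if len(response) < 48:
        return {"verdict": "reject", "reason": "short packet"}
    f = struct.unpack(NTP_FORMAT, response[:48])
    leap, mode = f[0] >> 6, f[0] & 7
    stratum, org_ts, rx_ts, tx_ts = f[1], f[8], f[9], f[10]
    sent_tx = sent_transmit_ts(request)

    if mode != 4:
        return {"verdict": "reject", "reason": "not a server reply (mode %d)" % mode}
    if stratum == 0 or stratum > 15:
        return {"verdict": "reject", "reason": "unsynchronised or kiss-o'-death (stratum %d)" % stratum}
    if leap == 3:
        return {"verdict": "reject", "reason": "leap indicator 3: server clock not synchronised"}
    if org_ts != sent_tx:
        # A captured reply replayed later, or a forgery sent without seeing our
        # request, cannot carry the right origin timestamp and stops here.
        return {"verdict": "reject", "reason": "origin timestamp does not match our request"}
    if rx_ts == 0 or tx_ts == 0:
        return {"verdict": "reject", "reason": "zero receive/transmit timestamp"}

    t1, t2, t3, t4 = from_ntp_ts(sent_tx), from_ntp_ts(rx_ts), from_ntp_ts(tx_ts), t4_unix
    offset = ((t2 - t1) + (t3 - t4)) / 2.0   # theta: how far our clock trails the server
    delay = (t4 - t1) - (t3 - t2)            # delta: round trip minus server processing time
    if delay < 0:
        return {"verdict": "reject", "reason": "negative round-trip delay"}
    if abs(offset) > PANIC_THRESHOLD:
        return {"verdict": "reject", "reason": "offset %.3f s exceeds panic threshold" % offset,
                "offset": offset, "delay": delay}
    verdict = "step" if abs(offset) > STEP_THRESHOLD else "slew"
    return {"verdict": verdict, "offset": offset, "delay": delay}


if __name__ == "__main__":
    T1 = 1000000000.0                        # constructed send time (Unix seconds)
    req = build_request(T1)
    org = sent_transmit_ts(req)
    # Honest server 62.5 ms ahead of us over a 15.625 ms one-way path: slewed, not stepped.
    print(evaluate_response(req, build_response(org, T1 + 0.078125, T1 + 0.08203125), T1 + 0.03515625))
    # Same path, but the server claims a time one day ahead (clock forgery): refused.
    print(evaluate_response(req, build_response(org, T1 + 86400.015625, T1 + 86400.01953125), T1 + 0.03515625))
    # A reply captured for a request sent an hour ago and replayed now: origin mismatch.
    print(evaluate_response(req, build_response(to_ntp_ts(T1 - 3600.0), T1 + 0.078125, T1 + 0.08203125), T1 + 0.03515625))
```

Two caveats for anyone applying this to the firewall question. NTP itself runs over UDP port 123 (RFC 5905), so that is the port the rule needs to cover. The origin-timestamp check only defeats replay and off-path forgery; an attacker sitting on the path can still answer with a plausible small offset each poll, which is why the thread's advice to use very few upstream servers or a local radio clock holds, and why authenticated NTP (the symmetric-key MAC of RFC 5905, or NTS per RFC 8915) is the real fix for untrusted networks.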