ntpd vulnerabilities
Mark Felder
feld at FreeBSD.org
Mon Dec 22 19:02:25 UTC 2014
On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
> have none of the
> fixed or unfixed (!) vulnerabilities that are present in ntpd.
> There's already a port.
>
Historically OpenNTPD has been dismissed as a candidate because of its
reduced accuracy and missing security features. For example, it doesn't
implement the NTPv4 functionality or authentication.
Quite literally the OpenNTPD is vulnerable to a MITM attack because of
the lack of authentication. Their stance has been that you should trust
your NTP servers and suggest using a VPN for the NTP traffic. Probably
not a bad idea, honestly.
I don't have a qualified opinion, but that should get you on the right
track if you want to research further.
More information about the freebsd-security
mailing list