DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News
Reload this Page New attacks on Network Time Protocol can defeat HTTPS and create chaos
FAQ Today's Posts Search

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 21st October 2015
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default New attacks on Network Time Protocol can defeat HTTPS and create chaos
From http://arstechnica.com/security/2015...-create-chaos/

Quote:
Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.

The vulnerabilities reside in the Network Time Protocol, the widely used specification computers use to ensure their internal clocks are accurate. Surprisingly, connections between computers and NTP servers are rarely encrypted, making it possible for hackers to perform man-in-the-middle attacks that reset clocks to times that are months or even years in the past. In a paper published Wednesday titled Attacking the Network Time Protocol, the researchers described several techniques to bypass measures designed to prevent such drastic time shifts. The paper also described ways to prevent large numbers of computers from successfully connecting to synchronization servers.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 21st October 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
  
Join Date: May 2008
Location: USA
Posts: 7,983
Default
http://www.undeadly.org/cgi?action=a...20150210103656

This is a feature that was included with OpenBSD 5.7. Provisioning is described in the CONSTRAINTS section of the ntpd.conf(5) man page.
Reply With Quote
  #3   (View Single Post)  
Old 28th December 2015
Monti Monti is offline
Port Guard
  
Join Date: Apr 2015
Location: In'Da House
Posts: 10
Default
Thanks a lot @jggimi
Last edited by Monti; 1st January 2016 at 02:09 AM.
Reply With Quote
  #4   (View Single Post)  
Old 28th December 2015
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
  
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Tags
ntp

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DoS attacks that took down big game sites abused Web’s time-sync protocol J65nko News 0 9th January 2014 07:34 PM
snownews to support https daemonfowl OpenBSD Packages and Ports 9 26th October 2013 06:13 PM
US and UK spy agencies defeat privacy and security on the internet J65nko News 3 9th September 2013 04:08 PM
Chaos feared after Unix time-zone database is nuked comet--berkeley News 2 16th October 2011 10:50 PM
https ports on PF mug23 OpenBSD Security 5 4th March 2011 10:11 PM


All times are GMT. The time now is 09:12 AM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick