In association with heise online

« previous | next »
10 December 2009, 15:10

NTP update solves denial-of-service problem

Version 4.2.4p8 of NTP, an open source implementation of the Network Time Protocol, fixes a denial-of-service (DoS) flaw that occurs when processing certain request types and can cause high network and CPU loads on a vulnerable server. The problem is based on a ping-pong effect which involves two servers exchanging an endless string of error messages.

The "ping-pong " effect is caused by a flawed mode-7 request that quotes another NTP server as its sender and could, for instance, be sent to an NTP server by an attacker. If the address of the sender is the same as that of the recipient, an NTP server can also loop indefinitely on its own.

See also:

(crve)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-882579

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung Galaxy S2 i9100 16GB schwarz
  2. Crucial m4 SSD 128GB
  3. Intel Core i5-2500K
  4. TeamGroup Elite DIMM Kit 8GB PC3-10667U CL9-9-9-24 (DDR3-1333)
  5. Intel Core i7-2600K
  6. ASUS EAH6870 DC/2DI2S/1GD5
  7. ASRock Z68 Pro3
  8. Samsung Galaxy S Plus i9001 schwarz 8GB
  9. Samsung EcoGreen F4 2000GB
  10. Samsung Galaxy S i9000 schwarz 8GB

The H

The H open source

The H Security

The H Internet Toolkit