[Yeti DNS Discuss] Yeti back to the future

"Davey(宋林健)" ljsong at biigroup.cn
Fri Oct 23 07:56:50 UTC 2015


Interesting! I have no idea in this regard , but there is no such discussion or document in RSSAC or SSAC on NTP attack, as far as I know. 

> 在 2015年10月23日,15:13,Stephane Bortzmeyer <bortzmeyer at nic.fr> 写道:
> 
> I was reviewing the security of the Dahu machines in the light of the
> NTP Back to the Future attack
> <http://www.cs.bu.edu/~goldbe/NTPattack.html>, specially since their
> paper often mentions DNS.
> 
> Am I right in saying that the offset of the clock is not very
> important for an authoritative name server (besides sysadmin issues
> like having exploitable logs)? An authoritative DNS server (unlike a
> validating resolver, or a signer) does not care about the time, no?
> 
> Four of the Yeti root name servers reply to NTP queries and three of
> them give a complete reply.
> 
> % for server in $(dig +short +nodnssec @dahu1.yeti.eu.org NS .); do
>   printf "%s: " $server; /usr/lib/monitoring-plugins/check_ntp_time  -H $server
> done
> bii.dns-lab.net.: NTP CRITICAL: No response from NTP server
> yeti.bofh.priv.at.: NTP CRITICAL: No response from NTP server
> yeti.ipv6.ernet.in.: NTP CRITICAL: No response from NTP server
> yeti.aquaray.com.: NTP CRITICAL: No response from NTP server
> dahu1.yeti.eu.org.: NTP CRITICAL: Offset unknown|
> dahu2.yeti.eu.org.: NTP CRITICAL: No response from NTP server
> ns-yeti.bondis.org.: NTP OK: Offset -0.04610881209 secs|offset=-0.046109s;60.000000;120.000000;
> yeti-ns.ix.ru.: NTP CRITICAL: No response from NTP server
> yeti-ns.tisf.net.: NTP CRITICAL: No response from NTP server
> yeti-ns.wide.ad.jp.: NTP OK: Offset 0.004776269197 secs|offset=0.004776s;60.000000;120.000000;
> yeti-ns.conit.co.: NTP CRITICAL: No response from NTP server
> yeti-ns.as59715.net.: NTP CRITICAL: No response from NTP server
> yeti-dns01.dnsworkshop.org.: NTP OK: Offset -0.001009911299 secs|offset=-0.001010s;60.000000;120.000000;
> yeti-ns.switch.ch.: NTP CRITICAL: No response from NTP server
> _______________________________________________
> discuss mailing list
> discuss at lists.yeti-dns.org
> http://lists.yeti-dns.org/mailman/listinfo/discuss

---------------------------
Davey Song(宋林健)
BII Lab
ljsong at biigroup.cn



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20151023/7950874e/attachment.html>


More information about the discuss mailing list