On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
> have none of the
> fixed or unfixed (!) vulnerabilities that are present in ntpd.
> There's already a port.
>

Historically OpenNTPD has been dismissed as a candidate because of its reduced accuracy and missing security features. For example, it doesn't implement the NTPv4 functionality or authentication.

Quite literally the OpenNTPD is vulnerable to a MITM attack because of the lack of authentication. Their stance has been that you should trust your NTP servers and suggest using a VPN for the NTP traffic. Probably not a bad idea, honestly.

I don't have a qualified opinion, but that should get you on the right track if you want to research further.
Hi Mark,

On 22 December 2014 at 11:02, Mark Felder <feld at freebsd.org> wrote:
> On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
>> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
>> have none of the
>> fixed or unfixed (!) vulnerabilities that are present in ntpd.
>> There's already a port.
>>
>
> Historically OpenNTPD has been dismissed as a candidate because of its
> reduced accuracy and missing security features. For example, it doesn't
> implement the NTPv4 functionality or authentication.
>
> Quite literally the OpenNTPD is vulnerable to a MITM attack because of
> the lack of authentication. Their stance has been that you should trust
> your NTP servers and suggest using a VPN for the NTP traffic. Probably
> not a bad idea, honestly.

Would you say a MITM attack is similar to a forged ntp reply? If so, have you seen this: http://quigon.bsws.de/papers/opencon04/ntpd/mgp00018.html

>
> I don't have a qualified opinion, but that should get you on the right
> track if you want to research further.

--
-------
inum: 883510009027723
sip: jungleboogie at sip2sip.info
xmpp: jungle-boogie at jit.si
In message <1419274938.916478.205831685.0E7433EA at webmail.messagingengine.com>, Mark Felder writes:
> On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
>> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
>> have none of the
>> fixed or unfixed (!) vulnerabilities that are present in ntpd.
>> There's already a port.
>
> Historically OpenNTPD has been dismissed as a candidate because of its
> reduced accuracy and missing security features. For example, it doesn't
> implement the NTPv4 functionality or authentication.

The entire question of authenticated time protocols is very, very hairy. The currently available protocols leave a lot to be desired, both in terms of timekeeping, cryptography and (DoS) attack resistance.

Most people who need authenticated time run their own stratum-1 server, typically with a GPS receiver, sometimes more elaborate than that.

My main objection to OpenNTPD is not the lack of crypto, but that its timekeeping isn't good enough, and that it is an evolutionary dead end.

As you may have noticed, I released a first preview of Ntimed yesterday. My goals for the ntimed-client program can almost be summarized as "Replacement for NTPD in FreeBSD's base system".

I don't think it makes sense to have the discussion of whether we should import Ntimed into FreeBSD's source tree until I have the first production release ready. There are good arguments both ways, so details will matter.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG       | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
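As an added illustration of the NTPv4 authentication Mark says OpenNTPD lacks, and of why a forged or altered reply is caught when it is present (example code written for this thread, not from ntpd, OpenNTPD or Ntimed): the symmetric-key scheme in RFC 5905 appends a key id and an MD5 digest computed over the shared key followed by the 48-byte NTP header, so a client holding the key can reject replies that carry no MAC, an unknown key id, or a header changed after signing. The key table, key id and timestamps below are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed shared-key table, in the spirit of an ntp.keys file (sample only).
KEYS = {1: b"constructed-shared-secret"}

NTP_HEADER_LEN = 48
MD5_MAC_LEN = 4 + 16          # 32-bit key id + 128-bit MD5 digest

def ntp_mac(key, header):
    """RFC 5905 symmetric-key MAC: MD5 over the key material then the header."""
    return hashlib.md5(key + header).digest()

def build_server_header(transmit_seconds):
    """Minimal NTPv4 server-mode header (LI=0, VN=4, mode=4, stratum 2)."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4
    return (struct.pack("!BBbb", li_vn_mode, 2, 6, -20)          # 4 bytes
            + struct.pack("!II4s", 0, 0, b"GPS\x00")            # root delay/disp, refid
            + struct.pack("!QQQQ", 0, 0, 0, transmit_seconds << 32))  # four timestamps

def sign_reply(header, keyid):
    """Append key id and MAC, as an authenticating server would."""
    return header + struct.pack("!I", keyid) + ntp_mac(KEYS[keyid], header)

def tamper_transmit(packet, new_seconds):
    """Model a reply whose transmit timestamp (bytes 40..48) was altered in transit."""
    return packet[:40] + struct.pack("!Q", new_seconds << 32) + packet[48:]

def check_reply(packet):
    """Client-side verdict: 'unauthenticated', 'malformed', 'bad-keyid', 'bad-mac' or 'ok'."""
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"        # what an OpenNTPD-style exchange looks like
    if len(packet) != NTP_HEADER_LEN + MD5_MAC_LEN:
        return "malformed"
    header = packet[:NTP_HEADER_LEN]
    keyid = struct.unpack("!I", packet[48:52])[0]
    key = KEYS.get(keyid)
    if key is None:
        return "bad-keyid"
    # Constant-time comparison so the check itself leaks nothing about the digest.
    if not hmac.compare_digest(packet[52:], ntp_mac(key, header)):
        return "bad-mac"
    return "ok"

def demo():
    """Verdicts for a bare reply, a signed reply, and a signed reply altered in flight."""
    header = build_server_header(3629000000)
    signed = sign_reply(header, 1)
    altered = tamper_transmit(signed, 3629000000 + 3600)
    return (check_reply(header), check_reply(signed), check_reply(altered))
```

The MAC only proves the reply came from a holder of the shared key; it does not by itself protect against delayed replay or poor timekeeping, which is the other half of Poul-Henning's objection.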