On Mon, Dec 22, 2014, at 11:39, Brett Glass wrote:
> I'd like to propose that FreeBSD move to OpenNTPD, which appears to
> have none of the fixed or unfixed (!) vulnerabilities that are present
> in ntpd.
> There's already a port.
>

Historically, OpenNTPD has been dismissed as a candidate because of its
reduced accuracy and missing security features. For example, it doesn't
implement the NTPv4 functionality or authentication.

Quite literally, OpenNTPD is vulnerable to a MITM attack because of
the lack of authentication. Their stance has been that you should trust
your NTP servers, and they suggest using a VPN for the NTP traffic. Probably
not a bad idea, honestly.

I don't have a qualified opinion, but that should get you on the right
track if you want to research further.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"