NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p18 was released on 25 May 2024 and addresses 40 bugs and provides 40 improvements.

Please see the NTP 4.2.8p18 Changelog for details.

Bug 3042 - Broadcast interleave
Summary: Broadcast interleave
Status: RESOLVED FIXED
Alias: None
Product: ntp
Classification: Unclassified
Component: ntpd (show other bugs)
Version: 4.2.8
Hardware: PC All
: P2 critical
Assignee: Harlan Stenn
URL:
Depends on:
Blocks:
 
Reported: 2016-05-03 22:40 UTC by Miroslav Lichvar
Modified: 2016-06-02 12:48 UTC (History)
2 users (show)

See Also:
stenn: blocking4.2.8+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Miroslav Lichvar 2016-05-03 22:40:31 UTC

    
Comment 1 Harlan Stenn 2016-05-03 22:44:21 UTC
Miroslav,

Thanks for the report.

Please update the "title" of this bug at: http://bugs.ntp.org/show_bug.cgi?id=3042# (I hope) and make a comment here about what you are seeing.
Comment 2 Harlan Stenn 2016-05-05 05:17:37 UTC
The mitigation for bug 2978 does not cover interleave (FLAG_XB).
Comment 3 Miroslav Lichvar 2016-05-05 12:13:18 UTC
In a network with broadcast clients not using interleaved mode an attacker can send a broadcast packet with spoofed source address and non-zero origin timestamp, which will enable the broadcast interleaved mode on clients. Clients will then process packets from the real server in wrong mode and won't be able to synchronize. This happens even when authentication is enabled.

The interleaved mode should be enabled only when the authentication check passed. When authentication is not enabled, it would be nice if the client was at least able to switch back to non-interleaved mode when a packet with zero origin timestamp is received.
Comment 4 Harlan Stenn 2016-05-24 10:28:09 UTC
STAGED for 4.2.8p8