From: Wilson Mar (wilsonmar hotmail.com)
Date: Mon Oct 01 2001 - 13:50:25 CDT
The concern about DoS of the time service is legitimate.
Luckily, there are products:
http://www.greyware.com/software/domaintime/product/w32time.asp
and
http://www.greyware.com/software/domaintime/product/comparisons.asp
- Wilson Mar
http://wilsonmar.com/1clocks.htm
>From: Frank Knobbe <FKnobbe KnobbeITS.com>
>To: "'Jim Harrison (SPG)'" <jmharr microsoft.com>, "Castro, Debra S"
><debra.castro eds.com>, focus-ms securityfocus.com
>Subject: RE: NTP Port Vunerabilities?
>Date: Sat, 29 Sep 2001 01:01:07 -0500
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
> > -----Original Message-----
> > From: Jim Harrison (SPG) [mailto:jmharr microsoft.com]
> > Sent: Friday, September 28, 2001 4:13 PM
> >
> > But to answer your question, I can't see much DoS value there,
> > since loss of time sync outside the AD is more of a nuisance than
> > anything else. If they can get in and block client-AD time sync,
> > then they have something useful.
>
>
>I think Debra is asking, is the W32Time service vulnerable to buffer
>overflows (like in CIAC Bulletin L-071) rather than a DoS. Since UDP
>is easily spoofed, someone could preempt a valid time server response
>with a large, nasty, and stack smashing NTP packet...
>
>I'm not aware of a bug in W2K's NTP service, but that doesn't mean
>there is none :)
>
>Regards,
>Frank
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Personal Privacy 6.5.8
>Comment: PGP or S/MIME (X.509) encrypted email preferred.
>
>iQA/AwUBO7Vjo5ytSsEygtEFEQIHjACgiRQmQim5ZIYtWdicUD0KUr5/8CEAn2ib
>QH47PImsoquh5Z91d6PJ/j3x
>=QC02
>-----END PGP SIGNATURE-----
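
Added example, not part of either message and not code from W32Time or any product mentioned: a sketch in C of the receive-side checks a plain SNTP client can apply to the scenario Frank describes, a spoofed, oversized UDP reply arriving ahead of the real one. The function names and the exact-48-byte policy (no extension fields or MAC) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SNTP_LEN      48   /* fixed NTP header; assumption: no extensions or MAC */
#define OFF_ORIGINATE 24   /* server echoes the client's transmit timestamp here */
#define OFF_TRANSMIT  40

enum sntp_verdict { SNTP_OK = 0, SNTP_BAD_LENGTH, SNTP_BAD_MODE,
                    SNTP_BAD_VERSION, SNTP_BAD_STRATUM,
                    SNTP_ORIGIN_MISMATCH, SNTP_ZERO_TRANSMIT };

/* Hypothetical helper: vet a received datagram before any field is used.
 * sent_xmit is the 8-byte transmit timestamp this client put in its request. */
enum sntp_verdict sntp_check_reply(const uint8_t *buf, size_t len,
                                   const uint8_t sent_xmit[8])
{
    static const uint8_t zero[8] = {0};

    /* Length first: an oversized datagram is dropped, never copied. */
    if (buf == NULL || len != SNTP_LEN)
        return SNTP_BAD_LENGTH;

    uint8_t version = (buf[0] >> 3) & 0x7;
    uint8_t mode = buf[0] & 0x7;
    if (mode != 4)                      /* 4 = server reply */
        return SNTP_BAD_MODE;
    if (version < 1 || version > 4)
        return SNTP_BAD_VERSION;
    if (buf[1] == 0 || buf[1] > 15)     /* 0 = kiss-o'-death, 16+ = unsynchronized or reserved */
        return SNTP_BAD_STRATUM;

    /* A sender that never saw the request cannot echo its timestamp. */
    if (memcmp(buf + OFF_ORIGINATE, sent_xmit, 8) != 0)
        return SNTP_ORIGIN_MISMATCH;
    if (memcmp(buf + OFF_TRANSMIT, zero, 8) == 0)
        return SNTP_ZERO_TRANSMIT;
    return SNTP_OK;
}

/* Constructed sample: build a well-formed reply that echoes sent_xmit. */
void sntp_make_sample(uint8_t out[SNTP_LEN], const uint8_t sent_xmit[8])
{
    memset(out, 0, SNTP_LEN);
    out[0] = (uint8_t)((3 << 3) | 4);   /* LI=0, VN=3, mode=4 */
    out[1] = 2;                         /* stratum 2 */
    memcpy(out + OFF_ORIGINATE, sent_xmit, 8);
    out[OFF_TRANSMIT] = 0xC0;           /* any non-zero transmit timestamp */
}
```

The originate-timestamp comparison only filters senders that cannot observe the request; a sender on the network path can echo the value, so it does not replace authenticated time sync.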