NTP BUG 3110: Windows: ntpd DoS by oversized UDP packet
Last update: April 22, 2024 18:49 UTC (7e7bd5857)
Summary
Description
If a vulnerable instance of ntpd
on Windows receives a crafted malicious packet that is “too big”, ntpd
will stop working.
Mitigation
- Implement BCP-38.
- Implement a firewall rule blocking oversized NTP packets.
- Upgrade to 4.2.8p9 or later.
- Properly monitor your
ntpd
instances, and auto-restart ntpd
(without -g
) if it stops running.
Credit
This weakness was discovered by Robert Pajak of ABB.
Timeline