RE: WINDOWS XP NTP
From: David Schwartz (davids@webmaster.com)Date: 08/21/01
- Previous message: Gregory McCann: "Re: Windows XP RC2"
- In reply to: John Galt: "Re: WINDOWS XP NTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Schwartz" <davids@webmaster.com> To: "John Galt" <galt@inconnu.isu.edu>, "Dino" <slayer67@apk.net> Subject: RE: WINDOWS XP NTP Date: Tue, 21 Aug 2001 14:58:13 -0700 Message-ID: <NOEJJDACGOHCKNCOGFOMKEMGDFAA.davids@webmaster.com>
> locutus#ntptrace time.windows.com
> time.windows.com: stratum 2, offset 0.002825, synch distance 0.06490
> time.nist.gov: stratum 1, offset 0.004652, synch distance
> 0.00000, refid 'ACTS'
>
> Locutus is most definitely not a windows XP box :)
>
> I'm still guessing that any and all NTP 'sploits are prefectly valid for
> Win XP, and even more so, since there is a default attack vector. You can
> get substantial coverage with a script that forges an NTP packet from
> time.windows.com (207.46.228.33 according to my dig, but it's
> non-authoritative...) The fun part is they're .60 seconds off NIST:
> pathetic for a stratum 2.
Riddle me this: If your machine's offset to time.windows.com was 2.8
milliseconds and your machine's offset to time.nist.gov was 4.6
milliseconds, how can time.windows.com be off by 600 milliseconds? My tests
show pretty much conclusively that time.windows.com is off from UTC by 10
milliseconds or less and off from time.nist.gov by 4 milliseconds or less.
DS
- Previous message: Gregory McCann: "Re: Windows XP RC2"
- In reply to: John Galt: "Re: WINDOWS XP NTP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
