Vulnerability Development mailing list archives

RE: WINDOWS XP NTP

From: "David Schwartz" <davids () webmaster com>
Date: Tue, 21 Aug 2001 14:58:13 -0700

locutus#ntptrace time.windows.com
time.windows.com: stratum 2, offset 0.002825, synch distance 0.06490
time.nist.gov: stratum 1, offset 0.004652, synch distance
0.00000, refid 'ACTS'

Locutus is most definitely not a windows XP box :)

I'm still guessing that any and all NTP 'sploits are prefectly valid for
Win XP, and even more so, since there is a default attack vector.  You can
get substantial coverage with a script that forges an NTP packet from
time.windows.com (207.46.228.33 according to my dig, but it's
non-authoritative...)  The fun part is they're .60 seconds off NIST:
pathetic for a stratum 2.


        Riddle me this: If your machine's offset to time.windows.com was 2.8
milliseconds and your machine's offset to time.nist.gov was 4.6
milliseconds, how can time.windows.com be off by 600 milliseconds? My tests
show pretty much conclusively that time.windows.com is off from UTC by 10
milliseconds or less and off from time.nist.gov by 4 milliseconds or less.

        DS

Current thread:

WINDOWS XP NTP Dino (Aug 21)
- Re: WINDOWS XP NTP Sam (Aug 21)
- Re: WINDOWS XP NTP John Galt (Aug 21)
  - RE: WINDOWS XP NTP David Schwartz (Aug 21)