Internet Security Systems

SNTP overflow

advICE : Intrusions : 2002907
Summary

An SNTP frame has been seen with an invalid format.

Details

The Simple Network Time Protocol is used to set the system time accurately to a universal clock. This allows you to synchronize your system's time clock to the correct time.

SNTP works in two modes. In one mode, the user installs a software program that runs in the background. It regularly queries a time server and updates the system clock accordingly. In the other mode, time servers broadcast the current time onto the local wire. Local machines can listen to these broadcasts to discover the current time.

This is a popular protocol, becoming more popular on desktops and servers as more and more people desire to set their clocks accurately.

Trigger

The alert triggers when a data field is longer than 250 bytes. A field of this length results from a buffer-overflow exploit designed to break into certain UNIX time servers.
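
A length check of this kind, as an added example (not ISS code). It assumes the data field is the data area of an NTP control message (mode 6, RFC 1305 Appendix B), which this page does not state, and it goes further by also checking the fixed 48-byte layout of mode 1-5 packets. The function names, reason strings and sample frames are constructed for illustration.

```python
import struct

MAX_DATA = 250           # threshold stated in the Trigger section
TIME_HDR = 48            # fixed header of a mode 1-5 NTP/SNTP packet
CTRL_HDR = 12            # control-message (mode 6) header, RFC 1305 Appendix B
MAC_SIZES = (0, 12, 20)  # assumption: no MAC, or key ID + 8/16-byte digest

def alert(length, reason, data):
    # Mirrors the alert parameters listed on this page; data is truncated.
    return {"length": length, "reason": reason, "data": data[:32]}

def check_frame(payload: bytes):
    """Return None for a well-formed UDP/123 payload, else an alert dict."""
    if not payload:
        return alert(0, "empty frame", payload)
    mode = payload[0] & 0x07          # low 3 bits of the first octet
    if 1 <= mode <= 5:
        if len(payload) < TIME_HDR:
            return alert(len(payload), "truncated time packet", payload)
        extra = len(payload) - TIME_HDR
        if extra not in MAC_SIZES:
            return alert(extra, "unexpected bytes after 48-byte header", payload[TIME_HDR:])
        return None
    if mode == 6:
        if len(payload) < CTRL_HDR:
            return alert(len(payload), "truncated control header", payload)
        (count,) = struct.unpack("!H", payload[10:12])   # declared data length
        data = payload[CTRL_HDR:]
        if count > MAX_DATA:
            return alert(count, "declared data field longer than 250 bytes", data)
        # Padding to a 4-byte boundary and an optional MAC may follow the data.
        if len(data) > count + 3 + max(MAC_SIZES):
            return alert(len(data), "more bytes present than declared count", data)
        if count > len(data):
            return alert(count, "declared count exceeds bytes present", data)
    return None  # well-formed control message, or mode 0/7 (not modelled here)

def ctrl_frame(count, data):
    # Builds a constructed mode 6 frame: VN=3, opcode 2, zeroed sequence/status/ID/offset.
    return bytes([0x1E, 0x02]) + bytes(8) + struct.pack("!H", count) + data

# Constructed sample frames (not captured traffic).
CLIENT_REQUEST = bytes([0x1B]) + bytes(47)      # LI=0, VN=3, mode=3 client request
CTRL_OK = ctrl_frame(8, b"a=1,b=2\x00")         # short, consistent control data
CTRL_LONG = ctrl_frame(300, b"A" * 300)         # declared length over the threshold
CTRL_MISMATCH = ctrl_frame(4, b"A" * 400)       # small count, oversized body
```

Checking both the declared count and the bytes actually present matters because a receiver may trust either one; NTPv4 extension fields are not modelled and would need their own length rules.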

More information

BugtraqID: 2540 - Ntpd Remote Buffer Overflow Vulnerability
RFC1769 - Simple Network Time Protocol (SNTP)
RFC1305 - NTP Version 3
RFC1119 - NTP Version 2
RFC1059 - NTP Version 1
RFC959 - NTP Version 0
The semi-"official" NTP site

Parametric information

length: Length of the data
reason: Reason for malformed notification
data: Data in frame

 
Version appeared: 3.0 
