Mailing List Archive

Hi,

That plugin (ntp_open) simply states that the NTP service is running, not that
its revealing sensitive information such as CPU types etc, which isn't there in
all versions.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "David Lodge" <dave@cirt.net>
To: "Noam Rathaus" <noamr@beyondsecurity.com>
Sent: Wednesday, September 11, 2002 5:10 PM
Subject: Re: Fw: checked


> > A nice feature of NTP is that it allows you to reveal sensitive
> information on
> > the remote machine. Here is a plugin that does a test to verify this.
>
> Erm.. hate to tell you; but there's already one that does this which I
> wrote in about february: ntp_open.nasl; id 10884
>
> dave
>

Hi,

So I made a mistake, I thought it only verified that the NTP server is alive,
and giving time information, therefore my plugin is redundant.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "David Lodge" <dave@cirt.net>
To: "Noam Rathaus" <noamr@beyondsecurity.com>
Sent: Thursday, September 12, 2002 9:32 PM
Subject: Re: Fw: checked


> > That plugin (ntp_open) simply states that the NTP service is running,
> not that
> > its revealing sensitive information such as CPU types etc, which
> isn't there in
> > all versions.
>
> Erm... I hate to tell you; but it does check for the information - the
> only difference between yours & mine is that yours uses NTPv2; mine
> uses NTPv3...
>
> Maybe it should be fixed to go for the lower level protocol; (but I've
> only ever seen things using NTPv3)
>
> dave
>