Re: [chrony-dev] Diagnosing pre-shared key authentication failure

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]

To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-dev] Diagnosing pre-shared key authentication failure
From: Avamander <avamander@xxxxxxxxx>
Date: Fri, 14 Oct 2022 12:44:39 +0300
Cc: Hal Murray <halmurray@xxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZH65BKUYlP7TMgEPwr5STpG/hPswVRvfSgyFOcGGu+E=; b=Xc5BgKFzEPHXfDiAyrxjDqJ0fqJImNA0ds4OypBYHIMdiO0rxtUs0C8cIHNir/AwE0 KTNkEu5+UGy1RzNtIuAieSK3Ht+j97acyrdvM7u9fn1fzZhC6a7m0LFvc2zYf1m76s4Y LjFcABONX13P40KpMUD0uRFcbpfyKQOghaKav65fJbrjm/irfaW+swaWmBYsLLU69VP5 /vCw3dRIwbGp1pFiQpWFv4zZprRMMzYSayZ3wBMRZuA8ul5q5McSIDHup9QLjfv+9WZd jqOZxuFs46Hcn9k4A2OA2Cw/Z9zFvO6r2T7ttDLKah4C6Qq+Tpd5EzU5HEBW4tq6Vil2 vH4w==

> With your security team hat on, what would you want to know and what would you
do if you got a report that said IP address xxx had N authentication failures?

Going along with this scenario, I would say it can be considered an authentication failure like all others.

If it's immediately actionable or deserves a report is another topic, but it would probably warrant some attention.

A misconfiguration, potential malicious MITM or the network corrupting packets, all are relatively grave?

On Fri, Oct 14, 2022 at 3:28 AM Hal Murray <halmurray@xxxxxxxxx> wrote:

avamander@xxxxxxxxx said:
> P.S. About logging, some (rate-limited) warnings against such failures would
> actually be very interesting to security teams.

With your security team hat on, what would you want to know and what would you
do if you got a report that said IP address xxx had N authentication failures?

--
These are my opinions. I hate spam.

--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- Re: [chrony-dev] Diagnosing pre-shared key authentication failure
  - From: Avamander
- Re: [chrony-dev] Diagnosing pre-shared key authentication failure
  - From: Hal Murray

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-dev] Diagnosing pre-shared key authentication failure
Next by Date: Re: [chrony-dev] Diagnosing pre-shared key authentication failure
Previous by thread: Re: [chrony-dev] Diagnosing pre-shared key authentication failure
Next by thread: [chrony-dev] [GIT] chrony/chrony.git branch master updated. 4.3-15-g5a39074

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/