Re: [chrony-dev] Diagnosing pre-shared key authentication failure

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


> With your security team hat on, what would you want to know and what would you
do if you got a report that said IP address xxx had N authentication failures?

Going along with this scenario, I would say it can be considered an authentication failure like all others. 

If it's immediately actionable or deserves a report is another topic, but it would probably warrant some attention.
A misconfiguration, potential malicious MITM or the network corrupting packets, all are relatively grave?

On Fri, Oct 14, 2022 at 3:28 AM Hal Murray <halmurray@xxxxxxxxx> wrote:

avamander@xxxxxxxxx said:
> P.S. About logging, some (rate-limited) warnings against such failures would
> actually be very interesting to security teams.

With your security team hat on, what would you want to know and what would you
do if you got a report that said IP address xxx had N authentication failures?



--
These are my opinions.  I hate spam.




--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.



Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/