Firewall Wizards mailing list archives

Re: NTp config - for the databases :}


From: kees () echelon nl (Kees Hendrikse)
Date: Thu, 12 Mar 1998 23:58:21 +0100 (MET)


Bret Watson wrote:

> Just finished an implementation for a client and had the resources to do it
> properly :} here is a listing of overkill in the NTP world...
>
> three servers time1,2,3 each referencing six external stratum 1 clocks
> geographically dispersed with no overlap - i.e. 18 stratum 1's in total.
> Each server also peers with the other two.
> (..)
> What does this mean in security terms?
>
> NTP is a UDP protocol, so prediction is not a problem; you just have to wait
> for the outgoing request and reply to that request. As this particular site
> has a single cable going out, it's not hard to capture the total traffic.
> (..)

There's your single point of failure. If I manage to block all NTP data
going *to* your site, I can get complete control over the network's notion of
time by spoofing only **one** of your 18 reference servers. NTP will happily
follow this one phoney server, as long as it believes the other 17 are dead.
I don't even have to be careful with time changes. Now that the phoney server
is the only reference, NTP will follow it all the way.

Add a couple of radio receivers to the lot (radio-to-NTP boxes are available
for reasonable prices), which gives you in-house stratum-1 servers to
complement the Internet servers.

-- 
Kees Hendrikse                               | email:     kees () echelon nl
                                             | web:        www.echelon.nl
ECHELON consultancy and software development | phone: +31 (0)53 48 36 585
PO Box 545, 7500AM Enschede, The Netherlands | fax:   +31 (0)53 43 36 222
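As an added example (not part of the thread or of any NTP distribution), a small Python check that parses `ntpq -pn` output and flags the condition described above: nearly all references unreachable and the clock steered by a single surviving source. The standard `ntpq -pn` column layout is assumed, and the peer table below is constructed sample data.

```python
"""Flag the "all references dead but one" failure mode in ntpq -pn output.
Added example; assumes the usual ntpq -pn columns (tally, remote, refid,
st, t, when, poll, reach, delay, offset, jitter). SAMPLE is constructed."""
import subprocess

# Tally codes meaning the source survived selection and is steering the clock.
USED = {"*", "o", "+", "#"}


def parse_peers(text):
    """Return one dict per peer line; skips the header and '====' ruler."""
    peers = []
    for line in text.splitlines()[2:]:
        if not line.strip():
            continue
        tally, rest = line[0], line[1:].split()
        if len(rest) < 10:
            continue
        peers.append({
            "tally": tally,
            "remote": rest[0],
            "stratum": int(rest[2]),
            "reach": int(rest[6], 8),   # octal shift register of the last 8 polls
        })
    return peers


def assess(peers, min_reachable=3):
    """Report too few reachable sources, or a single source doing all steering."""
    reachable = [p for p in peers if p["reach"] != 0 and p["stratum"] < 16]
    used = [p for p in reachable if p["tally"] in USED]
    problems = []
    if len(reachable) < min_reachable:
        problems.append(f"only {len(reachable)} of {len(peers)} sources reachable")
    if len(used) == 1:
        problems.append(f"clock steered by a single source: {used[0]['remote']}")
    return problems


# Constructed sample: 17 references blocked (reach 0, stratum 16), one
# survivor selected as system peer ('*'), as in the scenario above.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   30   64  377    0.412   -0.021   0.034
""" + "".join(
    f" 192.0.2.{11 + i:<3}     .INIT.          16 u    -   64    0    0.000    0.000    0.000\n"
    for i in range(17)
)

if __name__ == "__main__":
    try:  # use the live peer table when ntpq is present, else the sample
        out = subprocess.run(["ntpq", "-pn"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = SAMPLE
    for problem in assess(parse_peers(out or SAMPLE)):
        print("ALERT:", problem)
```

Run it from cron or a monitoring agent; an alert on either condition is the moment to distrust the selected source rather than let the clock follow it.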