nanog mailing list archives
Re: NTP Md5 or AutoKey?
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Tue, 4 Nov 2008 04:39:41 -0500
On Tue, 04 Nov 2008 01:52:05 -0500 Valdis.Kletnieks () vt edu wrote:
> On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said:
> > I'm just wondering -- in global scheme of security issue, is NTP security a major issue?
>
> The biggest problem is that you pretty much have to spoof a server that the client is already configured to be accepting NTP packets from. And *then* you have to remember that your packets can only lie about the time by a very small number of milliseconds or they get tossed out by the NTP packet filter that measures the apparent jitter. Remember, the *real* clock is also sending correct updates.
>
> At *best*, you lie like hell, and get the clock thrown out as an "insane" timesource. But at that point, a properly configured clock will go on autopilot till a quorum of sane clocks reappears, so you don't have much chance of wedging in a huge time slew (unless you *really* hit the jackpot, and the client reboots and does an ntpdate and you manage to cram in enough false packets to mis-set the clock then).
>
> So in most cases, you can only push the clock around by milliseconds - and that doesn't buy you very much room for a replay attack or similar, because that's under the retransmit timeout for a lost packet. It isn't like you can get away with replaying something from 5 minutes ago.
>
> Now, if you wanted to be *dastardly*, you'd figure out where a site's Stratum-1 server(s) have their GPS antennas, and you'd read the recent research on spoofing GPS signals - at *that* point you'd have a good chance of controlling the horizontal and vertical....
http://nob.cs.ucdavis.edu/bishop/papers/1990-acsac/ is old but does have a good analysis of the problem.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
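The source-rejection behaviour discussed in the quoted message, sketched as an added example that is not part of the original post and is not ntpd's code: a simplified majority-intersection check in the spirit of NTP's clock selection. The server names, offsets and error bounds are constructed sample values.

```python
# Added illustration: simplified majority-intersection source selection.
# Not ntpd's code; server names, offsets and error bounds are constructed.

def select_truechimers(samples):
    """samples maps source name -> (offset_s, error_bound_s).

    Each source claims the true offset lies in offset +/- error_bound.
    Returns (truechimers, falsetickers); truechimers is empty when no
    strict majority of sources agrees on a common interval.
    """
    spans = {n: (off - err, off + err) for n, (off, err) in samples.items()}
    edges = []
    for name, (lo, hi) in spans.items():
        edges.append((lo, 0))  # 0 = interval opens (sorts before a close)
        edges.append((hi, 1))  # 1 = interval closes
    edges.sort()

    best = depth = 0
    region = None
    for i, (point, kind) in enumerate(edges):
        if kind == 0:
            depth += 1
            if depth > best:
                # Deepest overlap so far runs from here to the next edge.
                best, region = depth, (point, edges[i + 1][0])
        else:
            depth -= 1

    if best * 2 <= len(samples):
        return [], sorted(samples)  # no quorum: keep free-running
    lo, hi = region
    good = sorted(n for n, (a, b) in spans.items() if a <= lo and b >= hi)
    bad = sorted(set(samples) - set(good))
    return good, bad


# Constructed sample: three honest servers within a few milliseconds.
HONEST = {"ntp-a": (0.002, 0.020), "ntp-b": (-0.003, 0.020), "ntp-c": (0.001, 0.020)}

if __name__ == "__main__":
    # A 300 s lie is discarded as a falseticker.
    print(select_truechimers({**HONEST, "spoofed": (300.0, 0.020)}))
    # A lie of a few milliseconds stays inside the agreed interval.
    print(select_truechimers({**HONEST, "spoofed": (0.008, 0.020)}))
    # With only two sources there is no majority, so nothing is trusted.
    print(select_truechimers({"ntp-a": HONEST["ntp-a"], "spoofed": (300.0, 0.020)}))
```

The third case shows why a client configured with too few sources cannot tell which one is wrong: monitoring for "no majority" conditions is as useful as monitoring for rejected sources.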