nanog mailing list archives
RE: NIST NTP servers
From: "Chuck Church" <chuckchurch () gmail com>
Date: Tue, 10 May 2016 10:29:35 -0400
-----Original Message----- From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Majdi S. Abbas
So how does this stop from distributing time to their customers via
NTP?
GPS doesn't save the protocol, in particular where the S1 clocks
involved are embedded devices with rather coarse clocks and timestamping.
--msa
It doesn't really. Granted there are a lot of CVEs coming out for NTP the last year or so. But I just don't think there are that many attacks on it. It's just not worth the effort. Changing time on devices is more an annoyance than anything, and doesn't necessarily get you into a device. Sure you can hide your tracks a little by altering time in logs and altering it back, but that's more of an in-depth nation-state kind of attack, not going to be a script kiddie kind of thing. Just follow the best practices for verifying packet sources and NTP security itself, and you should be ok. Chuck
Current thread:
- Re: NIST NTP servers, (continued)
- Re: NIST NTP servers Steven Miano (May 10)
- Re: NIST NTP servers Stephane Bortzmeyer (May 10)
- Re: NIST NTP servers Valdis . Kletnieks (May 10)
- Re: NIST NTP servers Stephane Bortzmeyer (May 10)
- Re: NIST NTP servers Josh Reynolds (May 10)
- Message not available
- Re: NIST NTP servers Valdis . Kletnieks (May 10)
- Re: NIST NTP servers Eygene Ryabinkin (May 11)
- Re: NIST NTP servers Jean-Francois Mezei (May 12)
- Re: NIST NTP servers Tony Finch (May 13)
- Re: NIST NTP servers Ryan Harden (May 11)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Leo Bicknell (May 11)
- Re: NIST NTP servers Josh Reynolds (May 11)
- Re: NIST NTP servers Mel Beckman (May 11)
- Re: NIST NTP servers Jay R. Ashworth (May 11)
- Re: NIST NTP servers Valdis . Kletnieks (May 11)