nanog mailing list archives

RE: NIST NTP servers


From: "Chuck Church" <chuckchurch () gmail com>
Date: Tue, 10 May 2016 10:29:35 -0400

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Majdi S. Abbas

      So how does this stop from distributing time to their customers via
NTP?
      GPS doesn't save the protocol, in particular where the S1 clocks
involved are embedded devices with rather coarse clocks and timestamping.
      --msa

It doesn't really.  Granted, there have been a lot of CVEs coming out for NTP
in the last year or so.  But I just don't think there are that many attacks on it.
It's just not worth the effort.  Changing time on devices is more an
annoyance than anything, and doesn't necessarily get you into a device.
Sure you can hide your tracks a little by altering time in logs and altering
it back, but that's more of an in-depth nation-state kind of attack, not
going to be a script kiddie kind of thing.  Just follow the best practices
for verifying packet sources and NTP security itself, and you should be ok.

Chuck

