nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: NIST NTP servers

From: "Chuck Church" <chuckchurch () gmail com>
Date: Tue, 10 May 2016 10:57:27 -0400
True, but I did mention verifying packet sources.  That needs to happen everywhere, and it's not hard to do.  Just 
getting everyone to do it is tough.

Chuck

-----Original Message-----
From: Allan Liska [mailto:allan () allan org] 
Sent: Tuesday, May 10, 2016 10:40 AM
To: Chuck Church <chuckchurch () gmail com>; 'Majdi S. Abbas' <msa () latt net>; nanog () nanog org
Subject: RE: NIST NTP servers



On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchurch () gmail com> wrote:



It doesn't really.  Granted there are a lot of CVEs coming out for NTP 
the last year or so.  But I just don't think there are that many 
attacks on it.
It's just not worth the effort.  Changing time on devices is more an 
annoyance than anything, and doesn't necessarily get you into a device.
Sure you can hide your tracks a little by altering time in logs and 
altering it back, but that's more of an in-depth nation-state kind of 
attack, not going to be a script kiddie kind of thing.  Just follow the 
best practices for verifying packet sources and NTP security itself, 
and you should be ok.

Chuck


I would argue that the fact the NTP can, and has been, be used in DDoS amplification attacks is a serious concern for 
using protocol going forward.



allan
Previous By Date Next
Previous By Thread Next

Current thread: