nanog mailing list archives
RE: NIST NTP servers
From: "Chuck Church" <chuckchurch () gmail com>
Date: Tue, 10 May 2016 10:57:27 -0400
True, but I did mention verifying packet sources. That needs to happen everywhere, and it's not hard to do. Just getting everyone to do it is tough. Chuck -----Original Message----- From: Allan Liska [mailto:allan () allan org] Sent: Tuesday, May 10, 2016 10:40 AM To: Chuck Church <chuckchurch () gmail com>; 'Majdi S. Abbas' <msa () latt net>; nanog () nanog org Subject: RE: NIST NTP servers On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchurch () gmail com> wrote:
It doesn't really. Granted there are a lot of CVEs coming out for NTP the last year or so. But I just don't think there are that many attacks on it. It's just not worth the effort. Changing time on devices is more an annoyance than anything, and doesn't necessarily get you into a device. Sure you can hide your tracks a little by altering time in logs and altering it back, but that's more of an in-depth nation-state kind of attack, not going to be a script kiddie kind of thing. Just follow the best practices for verifying packet sources and NTP security itself, and you should be ok. Chuck
I would argue that the fact the NTP can, and has been, be used in DDoS amplification attacks is a serious concern for using protocol going forward. allan
Current thread:
- Re: NIST NTP servers, (continued)
- Re: NIST NTP servers Lamar Owen (May 14)
- Re: NIST NTP servers Laszlo Hanyecz (May 13)
- Re: NIST NTP servers Chuck Anderson (May 13)
- Re: NIST NTP servers Sharon Goldberg (May 13)
- RE: NIST NTP servers John Souvestre (May 12)
- Re: NIST NTP servers Chris Adams (May 12)
- RE: NIST NTP servers John Souvestre (May 12)
- RE: NIST NTP servers Chuck Church (May 11)
- Re: NIST NTP servers George Herbert (May 12)
- RE: NIST NTP servers Allan Liska (May 11)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers Mike (May 10)
- Re: NIST NTP servers Laszlo Hanyecz (May 10)
- Re: NIST NTP servers Harlan Stenn (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Chris Adams (May 10)