nanog mailing list archives

Re: NIST NTP servers


From: Mel Beckman <mel () beckman org>
Date: Tue, 10 May 2016 20:23:04 +0000

Accurate time to the millisecond is pretty much essential for any network troubleshooting. Say you want to diagnose a 
SIP problem. You collect transaction logs from both phones, the VoIP gateway, and the PBX. Now you try to merge them to 
derive the sequence of events. You NEED millisecond accuracy.

But more importantly, Gary is right about the risks. I’ve had several customers receive major NTP DoS attacks using 
forged source addresses. In today’s Internet, there is very little source address verification (despite several 
mechanisms being proposed). Everyone relies on the originating network preventing spoofing, but thousands of ISPs — 
particularly overseas — do not do spoof checks. 

And the issues of NTP pollution are even more dangerous. As Gary notes, changing dates is a risk. A big enough change 
(say 30 days) would be catastrophic to most accounting systems. A big leap — a year or more — could expire software 
license and disable all kinds of encryption. We haven’t even discussed multi-stage attacks, where NTP is used to 
disrupt systems at multiple points, and then the attacker storms in and takes over unnoticed during the confusion.

All because of misplaced trust in a tiny UDP packet that can worm its way into your network from anywhere on the 
Internet.

I say you’re crazy if you don’t run a GPS-based NTP server, especially given that they cost as little as $300 for very 
solid gear. Heck, get two or three!

 -mel

On May 10, 2016, at 12:58 PM, Gary E. Miller <gem () rellim com> wrote:

Yo Chuck!

On Tue, 10 May 2016 10:29:35 -0400
"Chuck Church" <chuckchurch () gmail com> wrote:

Changing time on
devices is more an annoyance than anything, and doesn't necessarily
get you into a device.

So, you are not worried about getting DoS'ed?

How about you set the time on your server ahead by 5 years.  Got any
idea what would happen?

Most of your passwords would expire.

All your SSL certs would expire.

All your TOTPs, like Google Authenticator, would fail.

All your IPSEC tunnels would drop, and refuse to restart.

Many of your cron jobs would go nuts, possibly deleting all your logs.

Much of your DNSSEC would expire.

Many of your backups would be deleted since they 'expired'.

Until recently, setting your iPhone to 1 Jan 1970 would brick it.

I'm sure there are many more examples, but likely you can no longer log
in, via SSH or HTTPS, and your iPhone is dead.  I think any of those
would qualify as more than an annoyance.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
      gem () rellim com  Tel:+1 541 382 8588
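Added illustration, not part of this thread or anyone's posted code: a short Python sketch of the defensive side of what Mel and Gary describe. It parses an NTPv4 server reply, discards replies a client should never set its clock from (wrong mode, unsynchronized, kiss-o'-death), and then refuses a correction unless a majority of sources agree and the step stays under a sanity threshold (1000 s, ntpd's default panic threshold). All packets, timestamps, function and constant names are constructed for the example.

```python
import statistics
import struct

NTP_EPOCH_OFFSET = 2208988800      # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)
MAX_STEP = 1000.0                  # refuse larger corrections; ntpd's default panic threshold
MAX_SPREAD = 0.5                   # sources must agree within this many seconds

def ntp_timestamp(t):
    """Encode a Unix time (float seconds) as a 64-bit NTP timestamp."""
    secs = int(t) + NTP_EPOCH_OFFSET
    return struct.pack("!II", secs, int((t - int(t)) * 2**32))

def build_reply(stratum, t2, t3, mode=4):
    """Construct a 48-byte NTPv4 server reply (constructed test data, not a capture)."""
    header = bytes([(4 << 3) | mode, stratum, 6, 0xEC])   # LI=0, VN=4, mode; poll; precision
    root = b"\x00" * 12                                    # root delay, root dispersion, ref id
    return header + root + ntp_timestamp(t2 - 16) + b"\x00" * 8 + ntp_timestamp(t2) + ntp_timestamp(t3)

def ntp_offset(packet, t1, t4):
    """Server clock offset relative to ours from one reply plus our send time t1 and
    receive time t4 (RFC 5905 formula). Raises on replies that must not set a clock."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    li, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if li == 3 or stratum == 0 or stratum > 15:
        raise ValueError("server unsynchronized or kiss-o'-death")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!IIII", packet[32:48])
    t2 = rx_s - NTP_EPOCH_OFFSET + rx_f / 2**32
    t3 = tx_s - NTP_EPOCH_OFFSET + tx_f / 2**32
    return ((t2 - t1) + (t3 - t4)) / 2

def choose_offset(offsets, max_step=MAX_STEP, max_spread=MAX_SPREAD):
    """Correction to apply, or None: a majority must agree within max_spread and the result must not exceed max_step."""
    if not offsets:
        return None
    median = statistics.median(offsets)
    agreeing = [o for o in offsets if abs(o - median) <= max_spread]
    if 2 * len(agreeing) <= len(offsets):      # no majority: outvoted or split
        return None
    chosen = statistics.median(agreeing)
    return chosen if abs(chosen) <= max_step else None

if __name__ == "__main__":
    T1 = 1462911600.0                          # constructed client send time
    honest = build_reply(2, T1 + 0.010, T1 + 0.0105)
    forged = build_reply(2, T1 + 5 * 365 * 86400, T1 + 5 * 365 * 86400 + 0.0005)
    offs = [ntp_offset(p, T1, T1 + 0.020) for p in (honest, honest, forged)]
    print("offsets:", offs, "->", choose_offset(offs))
```

A single forged reply that claims the clock is five years off is rejected by the step limit, and it is outvoted when honest sources are in the majority; with only one honest and one forged source there is no majority and nothing is applied.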