Full Disclosure mailing list archives

Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure


From: gadgeteer () elegantinnovations org
Date: Sun, 22 Aug 2004 09:25:09 -0600

On Fri, Aug 20, 2004 at 10:26:08AM +0400, 3APA3A (3APA3A () SECURITY NNOV RU) wrote:
[...]
you state:

    If there is a host with reliable time on the network (that is host
    synchronized with some hardware source, like radio clocks, cesium
    clocks, GPS clocks, etc) - whole network will be finally, after some
    time, synchronized with this host.

Depending upon the criticality of the time sensitive applications on
the network, you might want to reconsider the use of "radio clocks"
and especially "GPS clocks".  These time sources are also subject to
attacks.  Any free air broadcast is subject to jamming.  This is
essentially a DoS.  Spoofing to provide incorrect time signal is also
possible with free air broadcast, but less easy to do.
[...]

For a fixed installation, detecting if someone is dinking the GPS signal
is trivial.  The unit starts thinking it is not in Kansas anymore.
-- 
Chief Gadgeteer
Elegant Innovations

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
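
The check described in the reply above (a fixed receiver that starts reporting a position away from where it is installed), as an added example that is not part of the original post: it validates NMEA GGA sentences and flags position drift or loss of fix. The surveyed coordinates, the 100 m threshold, the function names and the sample sentences are constructed assumptions.

```python
import math
from functools import reduce

SURVEYED = (39.0119, -98.4842)  # assumed surveyed antenna position (constructed)
MAX_DRIFT_M = 100.0             # assumed alarm threshold in metres

def checksum(body):
    """NMEA checksum: XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def make_gga(lat, lon, quality=1):
    """Build a constructed GGA sentence so the demo runs without a receiver."""
    def dm(v, width, pos, neg):
        d, m = divmod(abs(v) * 60, 60)
        return f"{int(d):0{width}d}{m:07.4f},{pos if v >= 0 else neg}"
    body = (f"GPGGA,120000.00,{dm(lat, 2, 'N', 'S')},{dm(lon, 3, 'E', 'W')},"
            f"{quality},08,0.9,500.0,M,-25.0,M,,")
    return f"${body}*{checksum(body):02X}"

def parse_gga(sentence):
    """Return (lat, lon) in degrees, or None when the receiver reports no fix."""
    body, _, cs = sentence.strip().lstrip("$").partition("*")
    if not cs or int(cs, 16) != checksum(body):
        raise ValueError("bad checksum")
    f = body.split(",")
    if f[0][2:] != "GGA" or len(f) < 7:
        raise ValueError("not a GGA sentence")
    if int(f[6] or 0) == 0:          # fix quality 0 = no fix
        return None
    def deg(v, hemi, n):
        d = int(v[:n]) + float(v[n:]) / 60
        return -d if hemi in ("S", "W") else d
    return deg(f[2], f[3], 2), deg(f[4], f[5], 3)

def distance_m(a, b):
    """Great-circle (haversine) distance in metres."""
    p1, p2, dl = math.radians(a[0]), math.radians(b[0]), math.radians(b[1] - a[1])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000 * math.asin(math.sqrt(h))

def check(sentence):
    """Classify one sentence: OK, DRIFT, NO_FIX or REJECT."""
    try:
        pos = parse_gga(sentence)
    except ValueError:
        return "REJECT"
    if pos is None:
        return "NO_FIX"              # loss of fix: the jamming (DoS) case from the thread
    return "OK" if distance_m(SURVEYED, pos) <= MAX_DRIFT_M else "DRIFT"
```

A time server fed by this receiver would stop trusting it as a reference on DRIFT or on a sustained run of NO_FIX, and fall back to its other sources.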

