nanog mailing list archives
Re: NTP Md5 or AutoKey?
From: "Glen Kent" <glen.kent () gmail com>
Date: Tue, 4 Nov 2008 14:17:26 +0530
I don't think this is correct. I have seen routing protocol adjacencies going down because of some perturbations in NTP. I understand, any router implementation worth its salt would not use the NTP clock internally, but I have seen some real life issues where OSPF went down because the time moved ahead and it thought that it hadn't heard from the neighbor for a long time. All such bugs were eventually fixed, but this is just one example.

There is an emerging need to distribute highly accurate time information over IP and over MPLS packet switched networks (PSNs). A variety of applications require time information to a precision which existing protocols cannot supply. TICTOC is an IETF WG created to develop solutions that meet the requirements of such protocols and applications.

Glen
On Tue, Nov 4, 2008 at 12:22 PM, <Valdis.Kletnieks () vt edu> wrote:
> On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said:
> > I'm just wondering -- in the global scheme of security issues, is NTP security a major issue?
>
> The biggest problem is that you pretty much have to spoof a server that the client is already configured to be accepting NTP packets from. And *then* you have to remember that your packets can only lie about the time by a very small number of milliseconds or they get tossed out by the NTP packet filter that measures the apparent jitter. Remember, the *real* clock is also sending correct updates. At *best*, you lie like hell, and get the clock thrown out as an "insane" timesource. But at that point, a properly configured clock will go on autopilot till a quorum of sane clocks reappears, so you don't have much chance of wedging in a huge time slew (unless you *really* hit the jackpot, and the client reboots and does an ntpdate and you manage to cram in enough false packets to mis-set the clock then).
>
> So in most cases, you can only push the clock around by milliseconds - and that doesn't buy you very much room for a replay attack or similar, because that's under the retransmit timeout for a lost packet. It isn't like you can get away with replaying something from 5 minutes ago.
>
> Now, if you wanted to be *dastardly*, you'd figure out where a site's Stratum-1 server(s) have their GPS antennas, and you'd read the recent research on spoofing GPS signals - at *that* point you'd have a good chance of controlling the horizontal and vertical....
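An added example, not part of Valdis's or Glen's messages: a simplified Python model of the majority-intersection step in NTP's clock selection (in the spirit of RFC 5905, not the reference implementation), showing why a spoofed source that lies by minutes is discarded as a falseticker while one that stays inside the honest servers' bounds can only nudge the result by milliseconds. The server names, offsets, root distances and the median combine step are constructed assumptions for illustration.

```python
# Simplified NTP clock-selection model (added example, in the spirit of
# RFC 5905's intersection algorithm; not the reference implementation).
from statistics import median

def select_truechimers(sources):
    """sources: list of (name, offset_s, root_distance_s).
    Each source asserts the true time lies in [offset - dist, offset + dist].
    Returns the names whose interval overlaps the region covered by the
    largest majority of sources (tolerating fewer than n/2 falsetickers)."""
    n = len(sources)
    edges = []
    for _, off, dist in sources:
        edges.append((off - dist, +1))  # interval opens
        edges.append((off + dist, -1))  # interval closes
    for allow in range(0, (n + 1) // 2):  # allow falsetickers, 2*allow < n
        need = n - allow
        low = high = None
        active = 0
        for edge, d in sorted(edges, key=lambda e: (e[0], -e[1])):
            active += d                  # lowest point where `need` overlap
            if active >= need:
                low = edge
                break
        active = 0
        for edge, d in sorted(edges, key=lambda e: (-e[0], e[1])):
            active -= d                  # highest point where `need` overlap
            if active >= need:
                high = edge
                break
        if low is not None and high is not None and low <= high:
            return [name for name, off, dist in sources
                    if off - dist <= high and off + dist >= low]
    return []

def clock_select(sources):
    """Return (truechimers, falsetickers, combined_offset_s); the combine
    step here is a plain median of surviving offsets (a simplification)."""
    good = set(select_truechimers(sources))
    survivors = [s for s in sources if s[0] in good]
    falsetickers = [s[0] for s in sources if s[0] not in good]
    combined = median(off for _, off, _ in survivors) if survivors else None
    return sorted(good), falsetickers, combined

# Constructed sample: four honest servers agreeing within a few ms (root
# distance 10 ms) plus one attacker-controlled source.
HONEST = [("s1", 0.002, 0.010), ("s2", -0.001, 0.010),
          ("s3", 0.003, 0.010), ("s4", 0.000, 0.010)]
BIG_LIE = ("spoof", 300.0, 0.010)    # claims the clock is 5 minutes off
SMALL_LIE = ("spoof", 0.009, 0.010)  # lies by a few ms, inside the bound

if __name__ == "__main__":
    print(clock_select(HONEST))                # all four survive, ~1 ms
    print(clock_select(HONEST + [BIG_LIE]))    # spoof is a falseticker
    print(clock_select(HONEST + [SMALL_LIE]))  # accepted, moves median ~1 ms
```

The third run is the point of the thread: a source that stays within the jitter/root-distance bound is kept, but it shifts the combined offset by only about a millisecond, far short of what a replay from minutes ago would need.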
Current thread:
- NTP Md5 or AutoKey? Glen Kent (Nov 03)
- Re: NTP Md5 or AutoKey? Paul Ferguson (Nov 03)
- Re: NTP Md5 or AutoKey? Kevin Oberman (Nov 03)
- Re: NTP Md5 or AutoKey? Glen Kent (Nov 04)
- Re: NTP Md5 or AutoKey? Nathan Ward (Nov 03)
- Re: NTP Md5 or AutoKey? Roland Dobbins (Nov 03)
- RE: NTP Md5 or AutoKey? Deepak Jain (Nov 05)
- Re: NTP Md5 or AutoKey? Valdis . Kletnieks (Nov 03)
- Re: NTP Md5 or AutoKey? Glen Kent (Nov 04)
- RE: NTP Md5 or AutoKey? Lincoln Dale (Nov 04)
- RE: NTP Md5 or AutoKey? Tony Finch (Nov 04)
- Re: NTP Md5 or AutoKey? Kurt Erik Lindqvist (Nov 06)
- Re: NTP Md5 or AutoKey? Kevin Oberman (Nov 03)
- Re: NTP Md5 or AutoKey? Steven M. Bellovin (Nov 04)
- Re: NTP Md5 or AutoKey? Paul Ferguson (Nov 03)
- Re: NTP Md5 or AutoKey? bmanning (Nov 04)
- Re: NTP Md5 or AutoKey? Glen Kent (Nov 04)
- Re: NTP Md5 or AutoKey? Ask Bjørn Hansen (Nov 15)
- Re: NTP Md5 or AutoKey? Joe Greco (Nov 15)