Re: NTP Md5 or AutoKey?

["Steven M. Bellovin" <smb () cs columbia edu>]

On Tue, 04 Nov 2008 01:52:05 -0500
Valdis.Kletnieks () vt edu wrote:

> On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said:
>
> > I'm just wondering -- in globak scheme of security issue, is NTP
> > security a major issue?
>
> The biggest problem is that you pretty much have to spoof a server
> that the client is already configured to be accepting NTP packets
> from.  And *then* you have to remember that your packets can only lie
> about the time by a very small number of milliseconds or they get
> tossed out by the NTP packet filter that measures the apparent
> jitter. Remember, the *real* clock is also sending correct updates.
> At *best*, you lie like hell, and get the clock thrown out as an
> "insane" timesource.  But at that point, a properly configured clock
> will go on autopilot till a quorum of sane clocks reappears, so you
> don't have much chance of wedging in a huge time slew (unless you
> *really* hit the jackpot, and the client reboots and does an ntpdate
> and you manage to cram in enough false packets to mis-set the clock
> then).
>
> So in most cases, you can only push the clock around by milliseconds
> - and that doesn't buy you very much room for a replay attack or
> similar, because that's under the retransmit timeout for a lost
> packet.  It isn't like you can get away with replaying something from
> 5 minutes ago.
>
> Now, if you wanted to be *dastardly*, you'd figure out where a site's
> Stratum-1 server(s) have their GPS antennas, and you'd read the recent
> research on spoofing GPS signals - at *that* point you'd have a good
> chance of controlling the horizontal and vertical....
http://nob.cs.ucdavis.edu/bishop/papers/1990-acsac/ is old but does
have a good analysis of the problem.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Attachment: signature.asc
Description: