Re: NTP Server

[Marshall Eubanks <tme () americafree tv>]

On Oct 24, 2010, at 4:48 PM, Matthew Petach wrote:

> On Sun, Oct 24, 2010 at 8:34 AM, Brandon Kim <brandon.kim () brandontek com> wrote:
> > Hey guys:
> >
> > I wanted to open up this question regarding NTP server. I recalled someone had created a posting of this quite 
> > awhile back.
> > > From a service provider/ISP standpoint,  does anyone think that having a local NTP server is really necessary?
> >
> > I've asked some of my fellow engineers at work and many of them gives me the same response, "Can't we just use free 
> > ones out on the internet?"
>
> Depends on how much you trust other people.
> NTP can potentially be used as a DoS vector by your upstream clocks,
> if you're not running your own.
>
> I've seen 50,000 servers panic in the blink of an eye when the NTP source
> issued a leap second, and the kernel wasn't patched to handle it properly;
> and that's a forward leap second.  Nobody's tested reverse leap seconds
> yet; who knows what would happen to your hosts if your upstream NTP
> servers decided to issue a reverse leap second towards you?

Negative leap seconds are certainly possible, and 20 years ago (when I was working for the USNO Directorate of Time) 
I thought that the currents down in the
core might be going to give us a few; I have often wondered how many systems would choke on this.

Regards
Marshall

>  Granted, if
> you choose enough diverse upstream clocks, that becomes more difficult
> for someone to exploit; but it's not impossible, and you can't count on
> keeping your upstream clock sources secret, given the bidirectional
> communication that can take place between NTP servers.
>
> *shrug*  It's cheap enough to run your own clock sources, once you're
> above a certain size, and it's one less potential attack vector from the
> outside; why wouldn't you want to secure your edge against it?
>
> Matt