nanog mailing list archives
RE: NIST NTP servers
From: "Chuck Church" <chuckchurch () gmail com>
Date: Wed, 11 May 2016 11:18:29 -0400
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Leo Bicknell
Sent: Wednesday, May 11, 2016 9:31 AM
To: nanog () nanog org
Subject: Re: NIST NTP servers
Personally, my network gets NTP from 14 stratum 1 sources right now. You, and the hacker, do not know which ones. You have to guess at least 8 to get me to move to your "hacked" time. Good luck.
Redundancy is the solution, not a new single point of failure. GPS can be part of the redundancy, not a sole solution.
This seems like the most reasonable advice. If this truly becomes a concern, I would think IPS vendors could implement signatures to look for bad time. Lots of ways to do this
- look for a difference between the IPS realtime and NTP status versus the incoming packets.
- look for duplicate NTP responses, or responses that weren't requested
- duplicate responses, but with differing TTLs, which might hint at one being spoofed.

Chuck
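
The checks listed in the message above, as an added example that is not part of the original post or of any IPS product: a passive pass over NTP request/response metadata that flags unrequested replies, duplicate replies, duplicates with a different IP TTL, and replies whose time disagrees with the sensor clock. The event field names, the 5-second threshold and the sample events are assumptions constructed for illustration.

```python
MAX_OFFSET = 5.0  # assumed threshold, seconds between reply time and sensor clock

def inspect(events, max_offset=MAX_OFFSET):
    """Return [(event_index, alert_name), ...] for a list of event dicts."""
    pending = set()   # requests still waiting for a reply
    answered = {}     # request key -> IP TTL of the first reply seen
    alerts = []
    for i, ev in enumerate(events):
        # A reply echoes the client's transmit timestamp as its origin
        # timestamp, so (client, server, origin) pairs a reply with a request.
        key = (ev["client"], ev["server"], ev["origin"])
        if ev["kind"] == "request":
            pending.add(key)
            continue
        if key in answered:
            same_ttl = answered[key] == ev["ttl"]
            alerts.append((i, "duplicate-response" if same_ttl
                           else "duplicate-response-ttl-mismatch"))
        elif key in pending:
            pending.discard(key)
            answered[key] = ev["ttl"]
        else:
            alerts.append((i, "unsolicited-response"))
        # Compare the time carried in the reply with the sensor's own clock.
        if abs(ev["server_time"] - ev["seen_at"]) > max_offset:
            alerts.append((i, "time-offset"))
    return alerts

def event(kind, server, origin, **fields):
    # Hypothetical record layout; one client on a documentation address.
    return dict(kind=kind, client="192.0.2.10", server=server,
                origin=origin, **fields)

# Constructed sample events (documentation addresses, not captured traffic).
# Index 2: second reply, new TTL, wrong time. 3: never requested. 6: duplicate.
A, B, C = "198.51.100.1", "198.51.100.2", "198.51.100.3"
SAMPLE = [
    event("request", A, 1000.0),
    event("response", A, 1000.0, ttl=52, server_time=1000.02, seen_at=1000.05),
    event("response", A, 1000.0, ttl=61, server_time=1300.00, seen_at=1000.06),
    event("response", B, 999.0, ttl=50, server_time=1000.10, seen_at=1000.10),
    event("request", C, 1001.0),
    event("response", C, 1001.0, ttl=48, server_time=1001.01, seen_at=1001.03),
    event("response", C, 1001.0, ttl=48, server_time=1001.01, seen_at=1001.04),
]

if __name__ == "__main__":
    for index, alert in inspect(SAMPLE):
        print(index, alert)
```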