nanog mailing list archives

Re: NIST NTP servers

From: Sharon Goldberg <goldbe () cs bu edu>
Date: Fri, 13 May 2016 10:52:14 -0400

Since we are on the subject, I would strongly recommend that you don't run
NTP on Linux 2.2.13, since its especially vulnerable to our IPv4
fragmentation attack.  "SunOS" also seems vulnerable, but I am not 100%
sure what systems that say they are "SunOS" actually are.  These OS will
fragment packets to 64 bytes, and are vulnerable to frag attacks using
"tiny" fragments.

See Section VI of our paper:
https://eprint.iacr.org/2015/1020.pdf

You can also test your OS here (scroll to the bottom).
http://www.cs.bu.edu/~goldbe/NTPattack.html


On Fri, May 13, 2016 at 10:46 AM, Chuck Anderson <cra () wpi edu> wrote:

On Fri, May 13, 2016 at 10:12:49AM -0400, Lamar Owen wrote:

On 05/11/2016 09:46 PM, Josh Reynolds wrote:

maybe try [setting up an NTP server] with an odroid?

...

I have several ODroid C2's, and the first thing to note about them
is that there is no RTC at all.  Also, the oscillator is just a
garden-variety non-temperature-compensated quartz crystal, and not
necessarily a very precise one, either (precise quartz oscillators
can cost more than the whole ODroid board costs).  The XU4 and other
ODroid devices make nice single-board ARM computers, but have pretty
ratty oscillator precision.

You really have to have at least a temperature compensated quartz
crystal oscillator (TCXO) to even begin to think about an NTP
server, for anything but the most rudimentary of timing.  Ovenized
quartz oscillators (OCXO) and rubidium standards are the next step
up, and most reasonably good GPS-disciplined clocks have at least an
ovenized quartz oscillator module (the Agilent Z3816 and kin are of
this type).


Does anyone know of any COTS NTP servers that are based on non-ancient
Linux kernel versions?  In 2012 we bought new GPS/CDMA NTP servers
with OCXO that are based on Linux 2.4, but they are fiddly as you can
imagine with such an ancient software stack.

What would people recommend for NTP server hardware/software?



-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe

Current thread:

Re: NIST NTP servers, (continued)
- - - Re: NIST NTP servers Jon Meek (May 11)
    - Re: NIST NTP servers Josh Reynolds (May 11)
    - Re: NIST NTP servers Lamar Owen (May 13)
    - Re: NIST NTP servers Mel Beckman (May 13)
    - Re: NIST NTP servers Lamar Owen (May 13)
    - Re: NIST NTP servers Mel Beckman (May 13)
    - Re: NIST NTP servers Mel Beckman (May 13)
    - Re: NIST NTP servers Lamar Owen (May 14)
    - Re: NIST NTP servers Laszlo Hanyecz (May 13)
    - Re: NIST NTP servers Chuck Anderson (May 13)
    - Re: NIST NTP servers Sharon Goldberg (May 13)
    - RE: NIST NTP servers John Souvestre (May 12)
    - Re: NIST NTP servers Chris Adams (May 12)
    - RE: NIST NTP servers John Souvestre (May 12)
    - RE: NIST NTP servers Chuck Church (May 11)
    - Re: NIST NTP servers George Herbert (May 12)
    - RE: NIST NTP servers Allan Liska (May 11)
    - RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers David Hubbard (May 10)
- Re: NIST NTP servers Leo Bicknell (May 10)
  - Re: NIST NTP servers Mike (May 10)

(Thread continues...)