NIST NTP servers

Chuck Church chuckchurch at gmail.com
Tue May 10 14:29:35 UTC 2016


-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Majdi S. Abbas

>	So how does this stop from distributing time to their customers via
NTP?
>	GPS doesn't save the protocol, in particular where the S1 clocks
involved are embedded devices with rather coarse clocks and timestamping.
>	--msa

It doesn't really.  Granted there are a lot of CVEs coming out for NTP the
last year or so.  But I just don't think there are that many attacks on it.
It's just not worth the effort.  Changing time on devices is more an
annoyance than anything, and doesn't necessarily get you into a device.
Sure you can hide your tracks a little by altering time in logs and altering
it back, but that's more of an in-depth nation-state kind of attack, not
going to be a script kiddie kind of thing.  Just follow the best practices
for verifying packet sources and NTP security itself, and you should be ok.

Chuck




More information about the NANOG mailing list