NIST NTP servers

Sharon Goldberg goldbe at cs.bu.edu
Fri May 13 14:52:14 UTC 2016 

Since we are on the subject, I would strongly recommend that you don't run
NTP on Linux 2.2.13, since its especially vulnerable to our IPv4
fragmentation attack.  "SunOS" also seems vulnerable, but I am not 100%
sure what systems that say they are "SunOS" actually are.  These OS will
fragment packets to 64 bytes, and are vulnerable to frag attacks using
"tiny" fragments.

See Section VI of our paper:
https://eprint.iacr.org/2015/1020.pdf

You can also test your OS here (scroll to the bottom).
http://www.cs.bu.edu/~goldbe/NTPattack.html


On Fri, May 13, 2016 at 10:46 AM, Chuck Anderson <cra at wpi.edu> wrote:

> On Fri, May 13, 2016 at 10:12:49AM -0400, Lamar Owen wrote:
> > On 05/11/2016 09:46 PM, Josh Reynolds wrote:
> > >maybe try [setting up an NTP server] with an odroid?
> > >
> > ...
> >
> > I have several ODroid C2's, and the first thing to note about them
> > is that there is no RTC at all.  Also, the oscillator is just a
> > garden-variety non-temperature-compensated quartz crystal, and not
> > necessarily a very precise one, either (precise quartz oscillators
> > can cost more than the whole ODroid board costs).  The XU4 and other
> > ODroid devices make nice single-board ARM computers, but have pretty
> > ratty oscillator precision.
> >
> > You really have to have at least a temperature compensated quartz
> > crystal oscillator (TCXO) to even begin to think about an NTP
> > server, for anything but the most rudimentary of timing.  Ovenized
> > quartz oscillators (OCXO) and rubidium standards are the next step
> > up, and most reasonably good GPS-disciplined clocks have at least an
> > ovenized quartz oscillator module (the Agilent Z3816 and kin are of
> > this type).
>
> Does anyone know of any COTS NTP servers that are based on non-ancient
> Linux kernel versions?  In 2012 we bought new GPS/CDMA NTP servers
> with OCXO that are based on Linux 2.4, but they are fiddly as you can
> imagine with such an ancient software stack.
>
> What would people recommend for NTP server hardware/software?
>
>


-- 
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe

More information about the NANOG mailing list