NIST NTP servers

Leo Bicknell bicknell at ufp.org
Wed May 11 13:31:27 UTC 2016


In a message written on Tue, May 10, 2016 at 08:23:04PM +0000, Mel Beckman wrote:
> All because of misplaced trust in a tiny UDP packet that can worm its way into your network from anywhere on the Internet.
> 
> I say you’re crazy if you don’t run a GPS-based NTP server, especially given that they cost as little as $300 for very solid gear. Heck, get two or three!

You're replacing one single point of failure with another.

Personally, my network gets NTP from 14 stratum 1 sources right now.
You, and the hacker, do not know which ones.  You have to guess at least
8 to get me to move to your "hacked" time.  Good luck.

Redundancy is the solution, not a new single point of failure.  GPS
can be part of the redundancy, not a sole solution.

-- 
Leo Bicknell - bicknell at ufp.org
PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160511/cc4740bb/attachment.pgp>


More information about the NANOG mailing list