NIST NTP servers

[chuckchurch at gmail.com (Chuck Church)]

True, but I did mention verifying packet sources.  That needs to happen everywhere, and it's not hard to do.  Just getting everyone to do it is tough.

Chuck

-----Original Message-----
From: Allan Liska [mailto:allan at allan.org] 
Sent: Tuesday, May 10, 2016 10:40 AM
To: Chuck Church <chuckchurch at gmail.com>; 'Majdi S. Abbas' <msa at latt.net>; nanog at nanog.org
Subject: RE: NIST NTP servers



On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchurch at gmail.com> wrote:

>
>It doesn't really.  Granted there are a lot of CVEs coming out for NTP 
>the last year or so.  But I just don't think there are that many 
>attacks on it.
>It's just not worth the effort.  Changing time on devices is more an 
>annoyance than anything, and doesn't necessarily get you into a device.
>Sure you can hide your tracks a little by altering time in logs and 
>altering it back, but that's more of an in-depth nation-state kind of 
>attack, not going to be a script kiddie kind of thing.  Just follow the 
>best practices for verifying packet sources and NTP security itself, 
>and you should be ok.
>
>Chuck

I would argue that the fact the NTP can, and has been, be used in DDoS amplification attacks is a serious concern for using protocol going forward.



allan