[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NIST NTP servers

Subject: NIST NTP servers
From: allan at allan.org (Allan Liska)
Date: Tue, 10 May 2016 10:40:23 -0400
In-reply-to: <[email protected]>
References: <CAKdv5965qRG_Qe=xL+=7dcZzeaU2y8xcYXfr7EAAEFnRJ7nnyw@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]>


On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchurch at gmail.com> wrote:

>
>It doesn't really.  Granted there are a lot of CVEs coming out for 
>NTP the
>last year or so.  But I just don't think there are that many 
>attacks on it.
>It's just not worth the effort.  Changing time on devices is more 
>an
>annoyance than anything, and doesn't necessarily get you into a 
>device.
>Sure you can hide your tracks a little by altering time in logs 
>and altering
>it back, but that's more of an in-depth nation-state kind of 
>attack, not
>going to be a script kiddie kind of thing.  Just follow the best 
>practices
>for verifying packet sources and NTP security itself, and you 
>should be ok.
>
>Chuck

I would argue that the fact the NTP can, and has been, be used in DDoS amplification attacks is a serious concern for using protocol going forward.



allan

Follow-Ups:
- NIST NTP servers
  - From: chuckchurch at gmail.com (Chuck Church)

References:
- NIST NTP servers
  - From: freetexwatson at gmail.com (b f)
- NIST NTP servers
  - From: mel at beckman.org (Mel Beckman)
- NIST NTP servers
  - From: msa at latt.net (Majdi S. Abbas)
- NIST NTP servers
  - From: chuckchurch at gmail.com (Chuck Church)

Prev by Date: NIST NTP servers
Next by Date: NIST NTP servers
Previous by thread: NIST NTP servers
Next by thread: NIST NTP servers
Index(es):
- Date
- Thread