[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NIST NTP servers

Subject: NIST NTP servers
From: chuckchurch at gmail.com (Chuck Church)
Date: Wed, 11 May 2016 11:18:29 -0400
In-reply-to: <[email protected]>
References: <CAKdv5965qRG_Qe=xL+=7dcZzeaU2y8xcYXfr7EAAEFnRJ7nnyw@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

-----Original Message-----
>From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Leo Bicknell
>Sent: Wednesday, May 11, 2016 9:31 AM
>To: nanog at nanog.org
>Subject: Re: NIST NTP servers

>Personally, my network gets NTP from 14 stratum 1 sources right now.
>You, and the hacker, do not know which ones.  You have to guess at least
>8 to get me to move to your "hacked" time.  Good luck.

>Redundancy is the solution, not a new single point of failure.  GPS can be part of the redundancy, not a sole solution.

This seems like the most reasonable advise.  If this truly becomes a concern, I would think IPS vendors could implement signatures to look for bad time.  Lots of ways to do this 
- look for a difference between the IPS realtime and NTP status versus the incoming packets.
- look for duplicate NTP responses, or responses that weren't requested 
- duplicate responses, but with differing TTLs, which might hint at one being spoofed.

Chuck

References:
- NIST NTP servers
  - From: freetexwatson at gmail.com (b f)
- NIST NTP servers
  - From: mel at beckman.org (Mel Beckman)
- NIST NTP servers
  - From: msa at latt.net (Majdi S. Abbas)
- NIST NTP servers
  - From: chuckchurch at gmail.com (Chuck Church)
- NIST NTP servers
  - From: gem at rellim.com (Gary E. Miller)
- NIST NTP servers
  - From: mel at beckman.org (Mel Beckman)
- NIST NTP servers
  - From: bicknell at ufp.org (Leo Bicknell)

Prev by Date: NIST NTP servers
Next by Date: NIST NTP servers
Previous by thread: NIST NTP servers
Next by thread: NIST NTP servers
Index(es):
- Date
- Thread