nanog mailing list archives
Re: NIST NTP servers
From: "Gary E. Miller" <gem () rellim com>
Date: Tue, 10 May 2016 13:24:24 -0700
Yo Chuck! On Tue, 10 May 2016 16:18:41 -0400 "Chuck Church" <chuckchurch () gmail com> wrote:
Ok, annoyance might have been a little light on the severity wording.
Yup.
Still, modifying all your incoming NTP packets from all your sources to actually get your NTP servers to agree on a bad time is tricky. That is assuming you've got multiple links, multiple sources from multiple organizations (more than 4), they're all authenticated, etc.
NTP Authentication (autokey) has been broken, and no one used it anyway. If I have a copy of your ntp.conf I can spoof all your chimers. Not hard at all. This is UDP after all.
Even if a criminal was to do all that damage you listed, it still probably doesn't result in obtaining sensitive data or money that would be the main motivators for such extreme hacking.
Correct, it would just get me fired due to the extended downtime. Or maybe my company just decided to pay the ransom to get un-DoS'ed. I still get fired. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 gem () rellim com Tel:+1 541 382 8588
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- Re: NIST NTP servers, (continued)
- Re: NIST NTP servers Josh Reynolds (May 10)
- Message not available
- Re: NIST NTP servers Valdis . Kletnieks (May 10)
- Re: NIST NTP servers Eygene Ryabinkin (May 11)
- Re: NIST NTP servers Jean-Francois Mezei (May 12)
- Re: NIST NTP servers Tony Finch (May 13)
- Re: NIST NTP servers Ryan Harden (May 11)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Leo Bicknell (May 11)
- Re: NIST NTP servers Josh Reynolds (May 11)
- Re: NIST NTP servers Mel Beckman (May 11)
- Re: NIST NTP servers Jay R. Ashworth (May 11)
- Re: NIST NTP servers Valdis . Kletnieks (May 11)
- Re: NIST NTP servers Mel Beckman (May 11)
- Re: NIST NTP servers Eric Kuhnke (May 11)
- Re: NIST NTP servers Jean-Francois Mezei (May 12)
- Re: NIST NTP servers Mel Beckman (May 12)