nanog mailing list archives
Re: NIST NTP servers
From: Chris Adams <cma () cmadams net>
Date: Tue, 10 May 2016 19:17:50 -0500
Once upon a time, Mel Beckman <mel () beckman org> said:
Boss: So how did a hacker get in and crash our accounting server, break our VPNs, and kill our network performance? IT guy: He changed our clocks.
So, this has been repeated several times (with how bad things will go if your clocks get changed by years). It isn't that easy. First, out of the box, if you use the public pool servers (default config), you'll typically get 4 random (more or less) servers from the pool. There are a bunch, so Joe Random Hacker isn't going to have a high chance of guessing the servers your system is using. Second, he'd have to guess at least three to "win". Third, at best, he'd only be able to change your clocks a little; the common software won't step the clock more than IIRC 15 minutes. Yes, that can cause problems, but not the catastrophes of years in the future or Jan 1, 1970 mentioned in this thread. Is it possible to cause problems? Yes. Is it a practical attack? I'm not so sure, and I haven't seen proof to the contrary. -- Chris Adams <cma () cmadams net>
Current thread:
- RE: NIST NTP servers, (continued)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers David Hubbard (May 10)
- Re: NIST NTP servers Leo Bicknell (May 10)
- Re: NIST NTP servers Mike (May 10)
- Re: NIST NTP servers Laszlo Hanyecz (May 10)
- Re: NIST NTP servers Harlan Stenn (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Chris Adams (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Roland Dobbins (May 10)
- Re: NIST NTP servers Joe Klein (May 10)
- Re: NIST NTP servers Eric Kuhnke (May 10)
- Re: NIST NTP servers Mel Beckman (May 11)
- Re: NIST NTP servers Dovid Bender (May 11)
- Re: NIST NTP servers Steven Miano (May 11)
- Re: NIST NTP servers Laurent Dumont (May 12)
- Re: NIST NTP servers Lyndon Nerenberg (May 12)
- Re: NIST NTP servers Mike (May 10)
- Re: NIST NTP servers Mel Beckman (May 11)