Bret Watson wrote:
> Just finished an implementation for a client and had the resources to do it
> properly :} here is a listing of overkill in the NTP world...
>
> three servers (time1, time2, time3), each referencing six external stratum 1 clocks
> geographically dispersed with no overlap - i.e. 18 stratum 1's in total.
> Each server also peers with the other two.
(..)
> What does this mean in security terms?
>
> NTP is a UDP protocol, so prediction is not a problem; you just have to wait
> for the outgoing request and reply to that request. As this particular site
> has a single cable going out, it's not hard to capture the total traffic.
(..)
There's your single point of failure. If I manage to block all NTP data
going *to* your site, I can get complete control over the network's notion of
time by spoofing only **one** of your 18 reference servers. NTP will happily
follow this one phoney server, as long as it believes the other 17 are dead.
I don't even have to be careful with time changes. Now that the phoney server
is the only reference, NTP will follow it all the way.
Add a couple of radio receivers to the lot (radio-to-NTP boxes are available
for reasonable prices); that gives you in-house stratum-1 servers to
complement the Internet servers.
--
Kees Hendrikse                               | email: kees_at_echelon.nl
                                             | web: www.echelon.nl
ECHELON consultancy and software development | phone: +31 (0)53 48 36 585
PO Box 545, 7500AM Enschede, The Netherlands | fax: +31 (0)53 43 36 222
Received on Mar 12 1998
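The failure mode Kees describes, and the radio-clock mitigation he suggests, can be shown with a small model. The following is an added illustration, not code from the thread and not ntpd's real selection algorithm: ntpd uses an intersection algorithm over offset/error intervals followed by clustering, whereas this is a plain majority-vote approximation over measured offsets. The server names, offsets, the `min_survivors`/`max_step` thresholds and the `reachability_alerts` monitor are all constructed here for the example.

```python
"""Simplified model of NTP source selection under the attack described in the
thread: one spoofed reference is rejected while 17 honest peers are reachable,
but is followed blindly once inbound NTP from all other references is blocked.
This is an added example with constructed data; it is NOT ntpd's intersection/
clustering algorithm, only a majority-vote approximation of its effect."""

from statistics import median

# Constructed sample: 18 configured Internet stratum-1 references, as in the thread,
# plus two assumed in-house radio clocks for the mitigation scenario.
CONFIGURED = [f"stratum1-{i:02d}" for i in range(1, 19)]
RADIO_CLOCKS = ["radio-clock-a", "radio-clock-b"]


def select_source(offsets, tolerance=0.5):
    """offsets: {server: measured offset in seconds} for *reachable* servers only.

    A server is a "truechimer" if its offset lies within `tolerance` seconds of
    the median of all reachable offsets; the rest are "falsetickers".
    Returns (offset_to_apply, truechimers, falsetickers).

    With a single reachable server the median is that server's own offset, so
    it is always accepted: that is the failure mode the message describes.
    """
    if not offsets:
        return None, [], []
    centre = median(offsets.values())
    truechimers = sorted(s for s, o in offsets.items() if abs(o - centre) <= tolerance)
    falsetickers = sorted(s for s in offsets if s not in truechimers)
    chosen = median(offsets[s] for s in truechimers)
    return chosen, truechimers, falsetickers


def reachability_alerts(offsets, configured=CONFIGURED, min_survivors=3, max_step=1.0):
    """Assumed defensive monitor (not an ntpd feature) flagging the two symptoms
    of the attack: most configured references suddenly unreachable (inbound NTP
    being blocked), and a large offset about to be applied from whatever survives."""
    alerts = []
    reachable = sum(1 for s in configured if s in offsets)
    if reachable < min_survivors:
        alerts.append(f"only {reachable} of {len(configured)} references reachable")
    chosen, _, _ = select_source(offsets)
    if chosen is not None and abs(chosen) > max_step:
        alerts.append(f"selected offset {chosen:+.1f}s exceeds {max_step}s step limit")
    return alerts


def scenario_healthy():
    """All 18 references reachable; 'stratum1-07' is spoofed to be an hour ahead."""
    offsets = {s: 0.01 * (i % 5) for i, s in enumerate(CONFIGURED)}  # honest jitter
    offsets["stratum1-07"] = 3600.0
    return offsets


def scenario_blocked():
    """Inbound NTP blocked from every reference except the spoofed one."""
    return {"stratum1-07": 3600.0}


def scenario_blocked_with_radio():
    """Same block, but two in-house radio clocks (not reachable via the Internet
    link) still answer, so the spoofed server is outvoted."""
    return {"stratum1-07": 3600.0, "radio-clock-a": 0.002, "radio-clock-b": 0.004}


if __name__ == "__main__":
    for name, offs, conf in [
        ("healthy", scenario_healthy(), CONFIGURED),
        ("blocked", scenario_blocked(), CONFIGURED),
        ("blocked+radio", scenario_blocked_with_radio(), CONFIGURED + RADIO_CLOCKS),
    ]:
        chosen, true_, false_ = select_source(offs)
        print(f"{name}: apply {chosen:+.3f}s, falsetickers={false_}, "
              f"alerts={reachability_alerts(offs, conf)}")
```

Run directly, the healthy scenario applies a 0.02 s correction and lists the spoofed server as the lone falsetticker; the blocked scenario applies +3600 s with no falsetickers at all, which is the point of the message. The radio scenario shows why the in-house clocks help: they are not behind the single cable, so blocking inbound traffic cannot make them disappear, and the spoofed Internet source is outvoted again. Real ntpd does refuse to step past its panic threshold (1000 s by default, by exiting), but a lone surviving source can still impose any smaller shift, so monitoring the count of reachable references is the check worth adding.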