[109055] in North American Network Operators' Group
Re: NTP Md5 or AutoKey?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Nov 4 04:39:59 2008
Date: Tue, 4 Nov 2008 04:39:41 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <125265.1225781525@turing-police.cc.vt.edu>
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
--Sig_/gCedeZ0aOyz0Tbbf+UXZmf1
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On Tue, 04 Nov 2008 01:52:05 -0500
Valdis.Kletnieks@vt.edu wrote:
> On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said:
>=20
> > I'm just wondering -- in globak scheme of security issue, is NTP
> > security a major issue?
>=20
> The biggest problem is that you pretty much have to spoof a server
> that the client is already configured to be accepting NTP packets
> from. And *then* you have to remember that your packets can only lie
> about the time by a very small number of milliseconds or they get
> tossed out by the NTP packet filter that measures the apparent
> jitter. Remember, the *real* clock is also sending correct updates.
> At *best*, you lie like hell, and get the clock thrown out as an
> "insane" timesource. But at that point, a properly configured clock
> will go on autopilot till a quorum of sane clocks reappears, so you
> don't have much chance of wedging in a huge time slew (unless you
> *really* hit the jackpot, and the client reboots and does an ntpdate
> and you manage to cram in enough false packets to mis-set the clock
> then).
>=20
> So in most cases, you can only push the clock around by milliseconds
> - and that doesn't buy you very much room for a replay attack or
> similar, because that's under the retransmit timeout for a lost
> packet. It isn't like you can get away with replaying something from
> 5 minutes ago.
>=20
> Now, if you wanted to be *dastardly*, you'd figure out where a site's
> Stratum-1 server(s) have their GPS antennas, and you'd read the recent
> research on spoofing GPS signals - at *that* point you'd have a good
> chance of controlling the horizontal and vertical....
>=20
http://nob.cs.ucdavis.edu/bishop/papers/1990-acsac/ is old but does
have a good analysis of the problem.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
--Sig_/gCedeZ0aOyz0Tbbf+UXZmf1
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
iQCVAwUBSRAYXU7/+MPD/ExpAQLEGwP/Vpdm0TMgVnnx5Srp6AqxMDVRdOfUghjo
xoPaFwFqQSavEMzGbz/MrD/7qKR0MLVfAvWxQHCEUn5RAWJ4zT+Hxh2UhRr5CkjN
c4P4flVflWjSq9ATTkqcJguqyWzjoJgh4fBEh2thRNbrgFTAJxtLQh0A2dJ4J2EI
rcjnRJ+H+Hk=
=impZ
-----END PGP SIGNATURE-----
--Sig_/gCedeZ0aOyz0Tbbf+UXZmf1--
