[131448] in North American Network Operators' Group
Re: NTP Server
daemon@ATHENA.MIT.EDU (Matthew Petach)
Sun Oct 24 16:48:50 2010
In-Reply-To: <SNT119-W15B39169090F986ADCF07ADC400@phx.gbl>
Date: Sun, 24 Oct 2010 13:48:35 -0700
From: Matthew Petach <mpetach@netflight.com>
To: Brandon Kim <brandon.kim@brandontek.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Oct 24, 2010 at 8:34 AM, Brandon Kim <brandon.kim@brandontek.com> wrote:
>
> Hey guys:
>
> I wanted to open up this question regarding NTP server. I recalled someone had created a posting of this quite awhile back.
> From a service provider/ISP standpoint, does anyone think that having a local NTP server is really necessary?
>
> I've asked some of my fellow engineers at work and many of them give me the same response, "Can't we just use free ones out on the internet?"
Depends on how much you trust other people.
NTP can potentially be used as a DoS vector by your upstream clocks,
if you're not running your own.
I've seen 50,000 servers panic in the blink of an eye when the NTP source
issued a leap second, and the kernel wasn't patched to handle it properly;
and that's a forward leap second. Nobody's tested reverse leap seconds
yet; who knows what would happen to your hosts if your upstream NTP
servers decided to issue a reverse leap second towards you? Granted, if
you choose enough diverse upstream clocks, that becomes more difficult
for someone to exploit; but it's not impossible, and you can't count on
keeping your upstream clock sources secret, given the bidirectional
communication that can take place between NTP servers.
*shrug* It's cheap enough to run your own clock sources, once you're
above a certain size, and it's one less potential attack vector from the
outside; why wouldn't you want to secure your edge against it?
Matt
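The reply above argues that a leap-second announcement arriving from upstream clocks is something an operator should not accept blindly, and that diversity of upstream sources makes a single bad announcement easier to spot. The following is an added example, not code from the original post or from any NTP implementation: a small monitoring check that parses the Leap Indicator (LI) field from NTP response packets (RFC 5905 header layout) collected from several upstream servers and flags any server whose announcement disagrees with the majority. The server names, the packet bytes and the simple-majority quorum rule are all constructed for the example; a real ntpd/chrony performs its own, more elaborate source selection, so this is an independent sanity check, not a replacement for it.

```python
import struct
from collections import Counter

# RFC 5905 NTP header: first byte packs Leap Indicator (2 bits), Version (3 bits), Mode (3 bits).
NTP_HEADER_LEN = 48
LEAP_NAMES = {0: "no warning", 1: "insert second", 2: "delete second", 3: "unsynchronized"}


def build_ntp_response(leap, stratum=2, version=4, mode=4):
    """Build a minimal 48-byte NTP server response.

    Constructed test data for the example, not a captured packet: only the
    first byte (LI/VN/mode) and the stratum carry meaningful values; poll and
    precision are plausible constants and the remaining fields are zeroed.
    """
    first = (leap << 6) | (version << 3) | mode
    return struct.pack("!BBbb", first, stratum, 6, -20) + b"\x00" * (NTP_HEADER_LEN - 4)


def parse_leap(packet):
    """Extract LI, version, mode and stratum from a raw NTP packet."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("short NTP packet")
    first, stratum = packet[0], packet[1]
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "stratum": stratum,
    }


def assess_leap_announcements(responses, quorum=0.5):
    """Compare LI across upstream responses.

    responses: mapping of server name -> raw packet bytes.
    Returns the consensus LI (None if no strict majority), the servers that
    disagree with it, and how many responses were usable as votes.
    """
    votes = {}
    for server, packet in responses.items():
        info = parse_leap(packet)
        # Unsynchronized (LI=3), kiss-o'-death (stratum 0) or stratum 16 responses
        # carry no trustworthy leap information, so they do not get a vote.
        if info["leap"] == 3 or info["stratum"] == 0 or info["stratum"] > 15:
            continue
        votes[server] = info["leap"]
    if not votes:
        return {"consensus": None, "outliers": [], "usable": 0}
    leap, count = Counter(votes.values()).most_common(1)[0]
    consensus = leap if count / len(votes) > quorum else None
    outliers = sorted(s for s, li in votes.items() if consensus is not None and li != consensus)
    return {"consensus": consensus, "outliers": outliers, "usable": len(votes)}


if __name__ == "__main__":
    # Constructed scenario: four upstreams report no leap, one announces a deleted second.
    sample = {
        "upstream-a": build_ntp_response(0),
        "upstream-b": build_ntp_response(0),
        "upstream-c": build_ntp_response(0),
        "upstream-d": build_ntp_response(0),
        "upstream-e": build_ntp_response(2),
    }
    result = assess_leap_announcements(sample)
    print("consensus:", LEAP_NAMES.get(result["consensus"], "none"))
    print("disagreeing servers:", result["outliers"])
```

The check is deliberately conservative: it only trusts an LI value that a strict majority of synchronized sources agree on, and a tie yields no consensus at all, which is the condition a monitoring system should alert on rather than act on. Feeding it packets captured from your configured peers (for example from a periodic `ntpq`/packet capture job) gives an early warning that one upstream is announcing a leap the others are not.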