[131449] in North American Network Operators' Group
Re: NTP Server
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Sun Oct 24 16:58:09 2010
From: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <AANLkTimo848abt7W06EAcCuSgVUHZ4dCqCH3oDV5L4dU@mail.gmail.com>
Date: Sun, 24 Oct 2010 16:58:02 -0400
To: Matthew Petach <mpetach@netflight.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 24, 2010, at 4:48 PM, Matthew Petach wrote:
> On Sun, Oct 24, 2010 at 8:34 AM, Brandon Kim <brandon.kim@brandontek.com> wrote:
>>
>> Hey guys:
>>
>> I wanted to open up this question regarding NTP server. I recalled someone had created a posting of this quite a while back.
>> From a service provider/ISP standpoint, does anyone think that having a local NTP server is really necessary?
>>
>> I've asked some of my fellow engineers at work and many of them give me the same response, "Can't we just use free ones out on the internet?"
>
> Depends on how much you trust other people.
> NTP can potentially be used as a DoS vector by your upstream clocks,
> if you're not running your own.
>
> I've seen 50,000 servers panic in the blink of an eye when the NTP source
> issued a leap second, and the kernel wasn't patched to handle it properly;
> and that's a forward leap second. Nobody's tested reverse leap seconds
> yet; who knows what would happen to your hosts if your upstream NTP
> servers decided to issue a reverse leap second towards you?
Negative leap seconds are certainly possible, and 20 years ago (when I was working for the USNO Directorate of Time) I thought that the currents down in the core might be going to give us a few; I have often wondered how many systems would choke on this.
Regards
Marshall
> Granted, if
> you choose enough diverse upstream clocks, that becomes more difficult
> for someone to exploit; but it's not impossible, and you can't count on
> keeping your upstream clock sources secret, given the bidirectional
> communication that can take place between NTP servers.
>
> *shrug* It's cheap enough to run your own clock sources, once you're
> above a certain size, and it's one less potential attack vector from the
> outside; why wouldn't you want to secure your edge against it?
>
> Matt
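The thread's two technical points, that a single upstream clock can push a leap-second announcement (forward or backward) at you, and that several diverse upstreams make that harder to abuse, come down to two fields of the NTP header: the leap indicator (LI) bits and the transmit timestamp. The following Python is an added example written for this archive page, not code from any poster or from an NTP implementation. It parses the 48-byte NTPv4 header per RFC 5905 section 7.3, discards unsynchronized or kiss-o'-death replies, drops sources whose time is far from the median, and honours a leap announcement only when a strict majority of the remaining sources agree. The sample replies, the source names and the 128 ms agreement threshold are constructed for the example.

```python
"""Quorum check over several upstream NTP replies (constructed example).

Packet layout follows RFC 5905 section 7.3; the builder only exists so the
check can run offline against constructed replies.
"""
import struct
from collections import Counter
from statistics import median

NTP_EPOCH_OFFSET = 2_208_988_800  # seconds from 1900-01-01 to 1970-01-01 (RFC 5905)

LEAP_NAMES = {
    0: "no warning",
    1: "insert: last minute has 61 s",
    2: "delete: last minute has 59 s (negative leap second)",
    3: "unsynchronized",
}


def build_reply(leap: int, stratum: int, tx_unix: float, version: int = 4) -> bytes:
    """Build a minimal 48-byte NTP server reply (mode 4). Test fixture only."""
    first = (leap & 0x3) << 6 | (version & 0x7) << 3 | 4      # LI | VN | mode 4
    hdr = struct.pack("!BBbb", first, stratum, 6, -20)         # poll 6, precision -20
    hdr += struct.pack("!ii", 0, 0)                            # root delay, root dispersion
    hdr += b"GPS\x00"                                          # reference id
    hdr += b"\x00" * 24                                        # reference, origin, receive timestamps
    sec = int(tx_unix) + NTP_EPOCH_OFFSET
    frac = int((tx_unix - int(tx_unix)) * 2**32)
    return hdr + struct.pack("!II", sec, frac)                 # transmit timestamp


def parse_header(pkt: bytes) -> dict:
    """Decode the fields of the NTPv4 header that the quorum check needs."""
    if len(pkt) < 48:
        raise ValueError("NTP packet shorter than the 48-byte header")
    first = pkt[0]
    stratum, poll, precision = struct.unpack("!BBb", pkt[1:4])
    tx_sec, tx_frac = struct.unpack("!II", pkt[40:48])
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "stratum": stratum,
        "poll": poll,
        "precision": precision,
        "tx_unix": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }


def assess_sources(replies: dict, max_offset: float = 0.128) -> dict:
    """replies maps source name -> raw reply bytes.

    Returns the usable sources, the rejected ones with a reason, the agreed
    time (median of usable sources) and the agreed leap indicator.  A leap
    announcement from fewer than a strict majority of usable sources is
    reported under "dissenters" and not honoured.  max_offset (128 ms here,
    a constructed threshold) bounds how far a source may sit from the median.
    """
    parsed, rejected = {}, {}
    for name, pkt in replies.items():
        h = parse_header(pkt)
        if h["mode"] != 4:
            rejected[name] = "not a server reply"
        elif h["leap"] == 3 or h["stratum"] == 0 or h["stratum"] > 15:
            rejected[name] = "unsynchronized or kiss-o'-death"
        else:
            parsed[name] = h
    if not parsed:
        return {"usable": [], "rejected": rejected, "time": None, "leap": None,
                "leap_name": None, "dissenters": []}

    # Falseticker filter: a source far from the median of all candidates is dropped.
    ref = median(h["tx_unix"] for h in parsed.values())
    usable = {}
    for name, h in parsed.items():
        off = h["tx_unix"] - ref
        if abs(off) > max_offset:
            rejected[name] = f"falseticker: {off:+.3f} s from median"
        else:
            usable[name] = h

    # Leap quorum: strict majority of usable sources, otherwise no leap.
    votes = Counter(h["leap"] for h in usable.values())
    leap, count = votes.most_common(1)[0]
    agreed = leap if count * 2 > len(usable) else 0
    dissenters = sorted(n for n, h in usable.items() if h["leap"] != agreed)
    return {
        "usable": sorted(usable),
        "rejected": rejected,
        "time": median(h["tx_unix"] for h in usable.values()),
        "leap": agreed,
        "leap_name": LEAP_NAMES[agreed],
        "dissenters": dissenters,
    }


if __name__ == "__main__":
    base = 1288000000.0  # constructed reference time, late October 2010
    sample = {
        "a": build_reply(0, 2, base + 0.010),
        "b": build_reply(0, 1, base - 0.005),
        "c": build_reply(0, 2, base + 0.020),
        "rogue": build_reply(2, 1, base + 37.0),   # lone negative-leap announcement, skewed clock
        "dead": build_reply(3, 0, base),           # unsynchronized
    }
    for k, v in assess_sources(sample).items():
        print(f"{k}: {v}")
```

The falseticker filter and the leap vote are independent on purpose: a source whose time agrees with the others but which announces LI=2 alone still loses the vote and shows up under `dissenters`, which is the event worth alerting on.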