[189168] in North American Network Operators' Group


RE: NIST NTP servers

daemon@ATHENA.MIT.EDU (Chuck Church)
Tue May 10 10:58:51 2016

X-Original-To: nanog@nanog.org
From: "Chuck Church" <chuckchurch@gmail.com>
To: "'Allan Liska'" <allan@allan.org>, "'Majdi S. Abbas'" <msa@latt.net>,
 <nanog@nanog.org>
In-Reply-To: <20160510144024.64E96E05D1@smtp.hushmail.com>
Date: Tue, 10 May 2016 10:57:27 -0400
Errors-To: nanog-bounces@nanog.org

True, but I did mention verifying packet sources.  That needs to happen everywhere, and it's not hard to do.  Just getting everyone to do it is tough.

Chuck

-----Original Message-----
From: Allan Liska [mailto:allan@allan.org]
Sent: Tuesday, May 10, 2016 10:40 AM
To: Chuck Church <chuckchurch@gmail.com>; 'Majdi S. Abbas' <msa@latt.net>; nanog@nanog.org
Subject: RE: NIST NTP servers



On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchurch@gmail.com> wrote:

>
>It doesn't really.  Granted there are a lot of CVEs coming out for NTP
>the last year or so.  But I just don't think there are that many
>attacks on it.
>It's just not worth the effort.  Changing time on devices is more an
>annoyance than anything, and doesn't necessarily get you into a device.
>Sure you can hide your tracks a little by altering time in logs and
>altering it back, but that's more of an in-depth nation-state kind of
>attack, not going to be a script kiddie kind of thing.  Just follow the
>best practices for verifying packet sources and NTP security itself,
>and you should be ok.
>
>Chuck

I would argue that the fact that NTP can be, and has been, used in DDoS amplification attacks is a serious concern for using the protocol going forward.



allan
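
The thread mentions NTP amplification and "NTP security itself" without spelling out the server-side check. The following is an added example, not code from this thread or from any NTP project: it audits an ntpd-style configuration for the `restrict default` flags (`noquery`, `nomodify`) that stop a server from answering the unauthenticated control queries that amplification abuses. The two sample configurations are constructed for illustration, and the audit assumes a bare `restrict default` line applies to both address families unless `-4` or `-6` narrows it. Ingress filtering of spoofed source addresses, the other measure the thread refers to, happens on the network edge and is not covered here.

```python
"""Audit an ntpd-style configuration for the restrict flags that keep the
server from acting as an amplifier.  Added example; assumptions are noted
in comments."""

# Constructed sample configurations (not from any real host).
WEAK_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
# nomodify is set, but the server still answers ntpq/ntpdc queries
restrict default kod nomodify notrap
"""

HARDENED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

# Flags a public-facing server should carry on its default restriction:
# noquery refuses control/monitoring queries (the amplification vector),
# nomodify refuses runtime configuration changes.
REQUIRED = frozenset({"noquery", "nomodify"})


def default_restrict_flags(conf):
    """Return {family: set_of_flags} for every 'restrict default' line.

    Assumption: a 'restrict default' with no -4/-6 applies to both IPv4
    and IPv6; a later family-specific line overrides that family.
    """
    flags = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0] != "restrict":
            continue
        rest = parts[1:]
        families = ("4", "6")
        if rest[0] in ("-4", "-6"):
            families = (rest[0][1],)
            rest = rest[1:]
        if not rest or rest[0] != "default":
            continue  # per-host restriction, not the default policy
        for fam in families:
            flags[fam] = set(rest[1:])
    return flags


def missing_flags(conf):
    """Return {family: missing_required_flags} for each family whose default
    restriction lacks a REQUIRED flag.  A configuration with no
    'restrict default' at all answers everyone, so both families are reported.
    An empty dict means the default policy is hardened."""
    found = default_restrict_flags(conf)
    report = {}
    for fam in ("4", "6"):
        missing = REQUIRED - found.get(fam, set())
        if missing:
            report[fam] = missing
    return report


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        gaps = missing_flags(conf)
        print(name, "->", "ok" if not gaps else gaps)
```

Run it against a real `/etc/ntp.conf` by reading the file into `missing_flags`; any reported family is one that still answers mode-6/mode-7 queries from arbitrary sources. The check is deliberately narrow: it reads only the default policy and says nothing about per-host `restrict` lines, kernel-level rate limits, or whether the daemon is the reference ntpd at all.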

