[189183] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Gary E. Miller)
Tue May 10 16:30:35 2016
X-Original-To: nanog@nanog.org
Date: Tue, 10 May 2016 13:24:24 -0700
From: "Gary E. Miller" <gem@rellim.com>
To: "Chuck Church" <chuckchurch@gmail.com>
In-Reply-To: <053e01d1aaf9$26f69d50$74e3d7f0$@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--Sig_/9.x5ddxD7kvrf/lZPiM3VbE
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Yo Chuck!
On Tue, 10 May 2016 16:18:41 -0400
"Chuck Church" <chuckchurch@gmail.com> wrote:
> Ok, annoyance might have been a little light on the severity wording.
Yup.
> Still, modifying all your incoming NTP packets from all your sources
> to actually get your NTP servers to agree on a bad time is tricky.
> That is assuming you've got multiple links, multiple sources from
> multiple organizations (more than 4), they're all authenticated,
> etc.
NTP Authentication (autokey) has been broken, and no one used it anyway. =20
If I have a copy of your ntp.conf I can spoof all your chimers. Not
hard at all. This is UDP after all.
> Even if a criminal was to do all that damage you listed, it
> still probably doesn't result in obtaining sensitive data or money
> that would be the main motivators for such extreme hacking.
Correct, it would just get me fired due to the extended downtime.
Or maybe my company just decided to pay the ransom to get un-DoS'ed.
I still get fired.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
--Sig_/9.x5ddxD7kvrf/lZPiM3VbE
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXMkN4AAoJEA0O2UlB0XnY+OUH/3XLYPetDjKoTyuAiaRkOKSG
EerRjOT5XY1FgE6vAR7WtE6/vzoWOyQ3eSRCzWkC3Qucp+TiKpLupXPxjTNt1JVh
MOLqTvW+xy0WwVhfvjZ1XJztn9sOz29JAtsvVwsI+nKnxPRFxXpsI7lkbxt/DueB
EvlgW/oQToPrunrq4pAwom2/rYUu7xWsZUKr+kV7+l+4FnKDq+c4MN2fJc6uZxdn
vo4ml4qOhluH7TPrj3l2xf2eWWECznKTC/Ld5BSSsIA69id1+RyZQRGBsigGGs8w
x2rMUZOoOb1F68QcttisipLrREKxBWNc16qC3iTA8Dc9RnLYLt6Z5XZ51jIo+A4=
=ROps
-----END PGP SIGNATURE-----
--Sig_/9.x5ddxD7kvrf/lZPiM3VbE--
