[189190] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Chris Adams)
Tue May 10 20:17:54 2016
X-Original-To: nanog@nanog.org
Date: Tue, 10 May 2016 19:17:50 -0500
From: Chris Adams <cma@cmadams.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <6C6CBDEB-C95E-41CA-8642-FC6F5662B57F@beckman.org>
Errors-To: nanog-bounces@nanog.org
Once upon a time, Mel Beckman <mel@beckman.org> said:
> Boss: So how did a hacker get in and crash our accounting server, break our VPNs, and kill our network performance?
>
> IT guy: He changed our clocks.
So, this has been repeated several times (with how bad things will go if
your clocks get changed by years). It isn't that easy.
First, out of the box, if you use the public pool servers (default
config), you'll typically get 4 random (more or less) servers from the
pool. There are a bunch, so Joe Random Hacker isn't going to have a
high chance of guessing the servers your system is using.
Second, he'd have to guess at least three to "win".
Third, at best, he'd only be able to change your clocks a little; the
common software won't step the clock more than IIRC 15 minutes. Yes,
that can cause problems, but not the catastrophes of years in the future
or Jan 1, 1970 mentioned in this thread.
Is it possible to cause problems? Yes. Is it a practical attack? I'm
not so sure, and I haven't seen proof to the contrary.
--
Chris Adams <cma@cmadams.net>
