[189202] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed May 11 09:31:39 2016
X-Original-To: nanog@nanog.org
Date: Wed, 11 May 2016 06:31:27 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <7D10E910-339D-4E59-881E-DF977E41CF11@beckman.org>
Errors-To: nanog-bounces@nanog.org
--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Tue, May 10, 2016 at 08:23:04PM +0000, Mel Beckman =
wrote:
> All because of misplaced trust in a tiny UDP packet that can worm its way=
into your network from anywhere on the Internet.
>=20
> I say you=E2=80=99re crazy if you don=E2=80=99t run a GPS-based NTP serve=
r, especially given that they cost as little as $300 for very solid gear. H=
eck, get two or three!
You're replacing one single point of failure with another.
Personally, my network gets NTP from 14 stratum 1 sources right now.
You, and the hacker, do not know which ones. You have to guess at least
8 to get me to move to your "hacked" time. Good luck.
Redundancy is the solution, not a new single point of failure. GPS
can be part of the redundancy, not a sole solution.
--=20
Leo Bicknell - bicknell@ufp.org
PGP keys at http://www.ufp.org/~bicknell/
--LZvS9be/3tNcYl/X
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBVzM0L7N3O8aJIdTMAQKKYw/9Hdef2+TonUDA1yL/eFxpAi6rndMM7pdb
myR5pVofRAkKZBdICRHJjIh4ypu86Sx2DJVhRMA0ZpdUAkNBcEhPMjqklUtNpa7N
aY7kHIIHy+EmIqENcLSzWKO91x+2a5bhF0vERferPlMvjXWDM0lmU3HGfr0++tQr
lsnGc9Kn/sf2tp/tfhXnURKCtug9h+tw6E/D79EN7JT+6/w5bgh6HUcd2xGVWtow
wV+fG1PvSgLjBt/PRD1DvVm91QdVKOekX52zewYgPeqU0YBmX9VNKMYnfpOgqBow
fXf2PoyTzl1zme2+aAzZbKPMR4nt8MPWLiHohrzwvn7y5awPDXkfF/I2ySVk81YP
GRcsut/zF6+XZm5O2xhrOPfAIAWXVqzpfQJxXTVaLemi2B+wAXTGzfAJ3wAAxNSH
OEg/sJGmDciK08bZjZz+9mDqnq5OrXmMkHbb/ay/W6u5fOTh+o/QA4RdAiUfvO94
G7PCiRtHjrUgXVe4a7QIwNmAVmkKLCu6Ls/nJXftqlFL+6uLsabNxeFnDDLOcL+D
4cHkH568k+xgNIcjzI/2r3O2TVtee3IRlelftx7qAoN60vCehaK9T+RkMRbDjyeF
Ym8axTOH4qqWgpprJuAnpzN2EdJSeJyaR6vxe+cwY1V9ujBXFve66ma+itRQXOoU
bLHRnr9ImHI=
=5Uyd
-----END PGP SIGNATURE-----
--LZvS9be/3tNcYl/X--
