[189205] in North American Network Operators' Group
RE: NIST NTP servers
daemon@ATHENA.MIT.EDU (Allan Liska)
Wed May 11 10:01:06 2016
X-Original-To: nanog@nanog.org
Date: Tue, 10 May 2016 10:40:23 -0400
To: "Chuck Church" <chuckchurch@gmail.com>, "'Majdi S. Abbas'" <msa@latt.net>,
nanog@nanog.org
From: "Allan Liska" <allan@allan.org>
In-Reply-To: <04a201d1aac8$6320f360$2962da20$@gmail.com>
Errors-To: nanog-bounces@nanog.org
On 5/10/2016 at 10:30 AM, "Chuck Church" <chuckchurch@gmail.com> wrote:
>
>It doesn't really. Granted there are a lot of CVEs coming out for
>NTP the
>last year or so. But I just don't think there are that many
>attacks on it.
>It's just not worth the effort. Changing time on devices is more
>an
>annoyance than anything, and doesn't necessarily get you into a
>device.
>Sure you can hide your tracks a little by altering time in logs
>and altering
>it back, but that's more of an in-depth nation-state kind of
>attack, not
>going to be a script kiddie kind of thing. Just follow the best
>practices
>for verifying packet sources and NTP security itself, and you
>should be ok.
>
>Chuck
I would argue that the fact the NTP can, and has been, be used in DDoS amplification attacks is a serious concern for using protocol going forward.
allan
