[189211] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Mel Beckman)
Wed May 11 10:31:15 2016
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Josh Reynolds <josh@kyneticwifi.com>
Date: Wed, 11 May 2016 14:30:12 +0000
In-Reply-To: <CAC6=tfatBnWnbTH-vW1En8kFG86no6sfyTr+O_LG_PJjZGM+Ew@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Josh,
Read deeper into the thread and you'll find where I sourced inexpensive RF-based NTP servers using CDMA, GSM, and even WWV. All radically different technologies that are unlikely to have common failure modes. But yes, buying different brands can't hurt either.
-mel beckman
> On May 11, 2016, at 7:15 AM, Josh Reynolds <josh@kyneticwifi.com> wrote:
>
> I hope your receivers aren't all from a single source.
>
> I was in Iraq when this (
> http://dailycaller.com/2010/06/01/glitch-shows-how-much-us-military-relies-on-gps/
> ) happened, which meant I had no GPS guided indirect fire assets for 2
> weeks.
>
>> On Wed, May 11, 2016 at 8:31 AM, Leo Bicknell <bicknell@ufp.org> wrote:
>> In a message written on Tue, May 10, 2016 at 08:23:04PM +0000, Mel Beckman wrote:
>>> All because of misplaced trust in a tiny UDP packet that can worm its way into your network from anywhere on the Internet.
>>>
>>> I say you're crazy if you don't run a GPS-based NTP server, especially given that they cost as little as $300 for very solid gear. Heck, get two or three!
>>
>> You're replacing one single point of failure with another.
>>
>> Personally, my network gets NTP from 14 stratum 1 sources right now.
>> You, and the hacker, do not know which ones. You have to guess at least
>> 8 to get me to move to your "hacked" time. Good luck.
>>
>> Redundancy is the solution, not a new single point of failure. GPS
>> can be part of the redundancy, not a sole solution.
>>
>> --
>> Leo Bicknell - bicknell@ufp.org
>> PGP keys at http://www.ufp.org/~bicknell/
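
Added example, not part of the thread and not any participant's or ntpd's code: a simplified Marzullo-style majority intersection that works through the "14 sources, at least 8" arithmetic from the quoted message. The function names, the 30-second false offset, the 10 ms error bound and the jitter are assumptions constructed for the illustration.

```python
# Added illustration: simplified majority-intersection selection (Marzullo-style).
# Not ntpd's implementation; all offsets below are constructed sample values.

def select_offset(intervals):
    """Return the midpoint of the offset range that a strict majority of
    sources agree on, or None when no majority exists (clock is left alone).
    intervals: list of (low, high) offset bounds in seconds, one per source."""
    need = len(intervals) // 2 + 1           # 14 sources -> 8 must agree
    # Sweep over interval edges; starts (0) sort before ends (1) at equal x.
    edges = sorted([(lo, 0) for lo, _ in intervals] +
                   [(hi, 1) for _, hi in intervals])
    best_count, best_lo, best_hi = 0, None, None
    count = 0
    for i, (x, kind) in enumerate(edges):
        if kind == 0:
            count += 1
            if count > best_count:
                # Overlap of `count` sources spans from here to the next edge.
                best_count, best_lo, best_hi = count, x, edges[i + 1][0]
        else:
            count -= 1
    if best_count < need:
        return None
    return (best_lo + best_hi) / 2


def build_sources(total, compromised, true_offset=0.0, fake_offset=30.0,
                  err=0.010):
    """Constructed sample: `compromised` sources all report fake_offset,
    the rest report true_offset, each with a few ms of jitter."""
    sources = []
    for i in range(total):
        centre = fake_offset if i < compromised else true_offset
        centre += 0.001 * (i % 3)            # constructed jitter
        sources.append((centre - err, centre + err))
    return sources


if __name__ == "__main__":
    for bad in (6, 7, 8):
        print(bad, "compromised ->", select_offset(build_sources(14, bad)))
```

With 7 of 14 sources lying in unison there is no strict majority on either side, so this selector refuses to pick an offset rather than following the false one.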