[189228] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed May 11 20:08:40 2016
X-Original-To: nanog@nanog.org
To: Florian Weimer <fw@deneb.enyo.de>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <87eg989zx2.fsf@mid.deneb.enyo.de>
Date: Wed, 11 May 2016 20:08:32 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1463011712_2317P
Content-Type: text/plain; charset=us-ascii
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
> * Chris Adams:
>
> > First, out of the box, if you use the public pool servers (default
> > config), you'll typically get 4 random (more or less) servers from the
> > pool. There are a bunch, so Joe Random Hacker isn't going to have a
> > high chance of guessing the servers your system is using.
>
> A determined attacker will just run servers in the official pool.
Such attacks have allegedly been attempted against Tor by certain
very well funded adversaries.
Thus my statement that if you're seeing that scale attack on your time
sources, the fact that your time source is being attacked is the *least*
of your problems...
--==_Exmh_1463011712_2317P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBVzPJgAdmEQWDXROgAQL2XA//ffMxjzn/PAfwZrDyIL8HFceR5s3WmFWw
wmclq08VcV5jkgrasvbO84Yl0VoLrXEicEYd1b19gmo5BSFR0/EfHO6FirRBEfyA
BT381qa/A+SQudZU9tGj7IWOde8ARbUtUwpZOat5iE3UI+isxJ6VTwaL3M7jZJr/
kNBnlEGnOpkjWZZhmb600M5Rlm5kZAuQLWHQVCYVX5zmuxuywpL6qFsBf5NBje7s
fPU4T6uhYmlBhZrz4jN5HrCrKoyTItItSK2en12+nPOo1t7X3YNkEGvSsavnIyZt
UwgaV3BeCzrpaLCiC6nTLnjT0YjHkuS8INYq3iAdXhqKmv27hwA0tw1ABv/O/8lX
D19UyoaP+GbA4nP+OG2ldFY5NFjbLutbM+XdIugkUTY7vD4IxIvu9tDynUORug6X
ijG7MP2bHiFdvtSTNXiIFR5IvghjWJLpFrwcWiTkY2tHL6IknLTaD3D7on0hdDW5
55DT5DHzA4+xshNwdnrzExDlBcS7KMDXvbOGa67R8wMIGipuLEFF2WPqBPlxDnay
EFDNGz0Z6CCUne/f4IuRAB4uvlNCYM4jcHINw23OtIGehEJUp0nr99JvF069PksX
igo9faSZ1LooJFSaPcV+qh3KkVfyQMoUSDko/tHSjqy16n06QhUtAtDgpPHtzLZ3
D1yyScesjZM=
=xn7v
-----END PGP SIGNATURE-----
--==_Exmh_1463011712_2317P--
