[189258] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (George Herbert)
Fri May 13 00:38:22 2016
X-Original-To: nanog@nanog.org
From: George Herbert <george.herbert@gmail.com>
In-Reply-To: <20160511133127.GA75456@ussenterprise.ufp.org>
Date: Thu, 12 May 2016 21:38:16 -0700
To: Leo Bicknell <bicknell@ufp.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On May 11, 2016, at 6:31 AM, Leo Bicknell <bicknell@ufp.org> wrote:
> ...
> You're replacing one single point of failure with another.
>
> Personally, my network gets NTP from 14 stratum 1 sources right now.
> You, and the hacker, do not know which ones. You have to guess at least
> 8 to get me to move to your "hacked" time. Good luck.
...except for people who think that N internet only servers is enough redundancy.
Pretty much anything with unfiltered outbound could put out enough forged UDP to effectively jam ALL the Stratum 1 servers for a given endpoint.
George William Herbert
Sent from my iPhone