[ntp:questions] Secure NTP
Chris Albertson
albertson.chris at gmail.com
Fri Mar 25 01:36:17 UTC 2011
On Thu, Mar 24, 2011 at 4:18 PM, <jimp at specsol.spam.sux.com> wrote:
> Hal Murray <hal-usenet at ip-64-139-1-69.sjc.megapath.net> wrote:
>> In article <ghps58-1a.ln1 at mail.specsol.com>,
>> jimp at specsol.spam.sux.com writes:
>>
>>>When I see questions like this my first response is "Why all the bother?".
>>>
>>>There is nothing secret or proprietary about the time of day.
>>>
>>>Since all NTP servers provide UTC, the service reveals nothing about the
>>>machine other than the fact that the clock is correct.
>>>
>>>If you don't want your resources utilized by outsiders, you just block
>>>access to the NTP port for everyone but your own clients as a blocked
>>>port uses less resources than denying an unsuccessful authorization does.
>>>
>>>Am I missing something??
>>
>> Yes. The encryption also verifies that you are talking to the
>> server you think you are talking to rather than an imposter.
>
> If you specify the server by IP address, how does that happen and who
> would bother to do it?
The most obvious and easy way is that I cut the wire that goes from
your house to your ISP and place a computer (and modems) at the cut
point. It can change any bit in any packet. I would not bother with
your house but a bank, maybe.
If I could make transactions that were backdated I could make a lot of
money even if only slightly backdated by 10 seconds.
>
> IP hijacking will disrupt a lot more than just NTP.
It can, but that is up to the hijacker. A "man in the middle"
attack can filter network packets and change only the bits he wants
changed.
>
> If your server and its clients are on a corporate network, which is the
> usual case for having one's own server, how does this happen?
An outsider has taken control of a computer that lives inside your network.
In general your argument follows a common mistake. It is equivalent
to "I can't figure it out so therefore it can't happen". It is never
valid to argue "it's impossible because I can't figure any way to....".
To claim something is impossible you need something that is very
much like a mathematical proof.
--
=====
Chris Albertson
Redondo Beach, California
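
Added example, not part of the original post or of any NTP implementation: a client-side check that rejects a server reply whose bits were changed in transit, as discussed in the thread. It assumes the classic NTP symmetric-key layout (48-byte header, 4-byte key id, MD5 of key followed by header); the key, key id, addresses and timestamp are constructed.

```python
import hashlib
import hmac
import struct

HEADER_LEN, MAC_LEN = 48, 4 + 16           # NTP header; key id + MD5 digest
KEYS = {1: b"constructed-shared-secret"}   # constructed key table (id -> key)


def build_header(transmit_seconds: int) -> bytes:
    """Pack a constructed 48-byte server reply header."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4   # no leap warning, version 4, mode 4
    transmit = transmit_seconds << 32      # 32.32 fixed point, fraction zero
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, 2, 6, -20, 0, 0,
                       bytes([192, 0, 2, 1]), 0, 0, 0, transmit)


def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append key id and MD5(key || header), as the server side would."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet: bytes, keys: dict) -> bool:
    """Reject packets with no MAC, an unknown key id, or a bad digest."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False
    header, digest = packet[:HEADER_LEN], packet[HEADER_LEN + 4:]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = keys.get(key_id)
    if key is None:
        return False
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, digest)   # constant-time compare


def flip_bit(packet: bytes, byte_index: int, bit: int) -> bytes:
    """Model an in-path change of a single bit."""
    changed = bytearray(packet)
    changed[byte_index] ^= 1 << bit
    return bytes(changed)


def demo() -> dict:
    header = build_header(3_510_000_000)   # constructed NTP-era seconds
    genuine = sign(header, 1, KEYS[1])
    return {
        "genuine": verify(genuine, KEYS),
        # byte 43 is the low byte of the transmit seconds; bit 3 = 8 s shift
        "transmit_bit_flipped": verify(flip_bit(genuine, 43, 3), KEYS),
        "mac_stripped": verify(genuine[:HEADER_LEN], KEYS),
        "wrong_key": verify(sign(header, 1, b"guess"), KEYS),
    }
```

A client that treats any `False` result as "discard this reply" does not depend on the source IP address being trustworthy.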