[ntp:questions] Can I stop authenticated peers from mobilizing symmetric associations

Moser, Stefan stefan.moser at atos.net
Thu Mar 9 15:16:57 UTC 2017


Hello, thanks for your replies!

I think I have to explain the problem in more detail, perhaps with an example: Let's say that I have a local NTP server, and lots of remote NTP clients (running ntpd). All clients know my authentication key(s), so they can successfully authenticate with my local NTP server. None of the clients is entered in my local ntp.conf (of course). So far, so good.

Now assume that one of the remote NTP clients turns bad, deliberately configures forged time, and enters "peer <IP_of_my_local_NTP_server>" in its ntp.conf. This (correct me if I'm wrong) creates a dynamic mobilization with my local NTP server, and my local NTP server will eventually believe in the client's (now it's a peering server....) time.

I think that this is a potential security problem, and I'm looking for a parameter which I can use to *reject* dynamic mobilizations of *authenticated* remote servers with my local server. For *un*authenticated servers, 'nopeer' is the parameter for doing this. But 'nopeer' only works for unauthenticated connections.

Stefan
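As an added example (not from this thread or the ntp project), a small Python check a server operator could run over `ntpq -c "rv <assid>"` output to spot symmetric-passive associations that no `peer` line in ntp.conf accounts for, i.e. exactly the dynamically mobilized peering described above. The sample output, the comma-separated `key=value` layout of `rv`, and the host-mode numbering are assumptions.

```python
import re

# Constructed sample of `ntpq -c "rv <assid>"` output for two associations on
# the local server (assumption: ntpq prints comma-separated key=value pairs,
# wrapped across lines; addresses, assids and keyids are made up).
SAMPLE_RV = {
    28961: "associd=28961 status=961a conf, reach, sel_sys.peer, 1 event, sys_peer,\n"
           "srcadr=10.0.0.5, srcport=123, hmode=3, pmode=4, keyid=0, reach=377,",
    28962: "associd=28962 status=9014 reach, 1 event, reachable,\n"
           "srcadr=192.0.2.77, srcport=123, hmode=2, pmode=1, keyid=12, reach=377,",
}

# Hosts explicitly configured with "peer" lines in ntp.conf (constructed;
# empty here, matching the setup in the message: no clients are listed).
CONFIGURED_PEERS = set()

# NTP host modes as reported in hmode (assumption): 1 = symmetric active,
# 2 = symmetric passive, 3 = client, 5 = broadcast.
MODE_PASSIVE = 2

def parse_rv(text):
    """Parse ntpq 'rv' output into a dict of variable -> string value.
    A value ends at a comma, a newline, or the next ' key=' token, so the
    'associd=N status=XXXX words' header line is split correctly too."""
    return {k: v.strip()
            for k, v in re.findall(r"(\w+)=(.*?)(?=,\s*|\s+\w+=|\n|$)", text)}

def dynamic_symmetric_associations(rv_outputs, configured_peers):
    """Return (assid, srcadr, keyid) for every symmetric-passive association
    whose source is not a configured peer: an association the remote host
    mobilized on its own by sending symmetric-active packets. keyid is the
    key the packets authenticated with (0 when unauthenticated)."""
    found = []
    for assid, text in rv_outputs.items():
        v = parse_rv(text)
        if int(v.get("hmode", "0")) != MODE_PASSIVE:
            continue
        if v.get("srcadr") in configured_peers:
            continue
        found.append((assid, v["srcadr"], int(v.get("keyid", "0"))))
    return found

if __name__ == "__main__":
    for assid, addr, keyid in dynamic_symmetric_associations(SAMPLE_RV, CONFIGURED_PEERS):
        print(f"unconfigured symmetric-passive association {assid} from {addr} (keyid {keyid})")
```

A non-zero keyid on a flagged association is the case the message asks about: the association was mobilized by a host that authenticated with a known key, so `nopeer` alone would not have refused it.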
