[ntp:questions] Can I stop authenticated peers from mobilizing symmetric associations
mlichvar at redhat.com
Fri Mar 10 09:20:50 UTC 2017
On Fri, Mar 10, 2017 at 02:34:51AM -0500, Majdi S. Abbas wrote:
> On Thu, Mar 09, 2017 at 05:24:35PM +0100, Miroslav Lichvar wrote:
> > Couldn't the malicious client create a larger number of ephemeral
> > associations, using multiple IP addresses, in order to outvote good
> > servers?
> If it has a bunch of IP addresses, maybe... but you'd have to
> be close enough to the existing clock to capture the peer.. (read:
> close/low latency and jitter path, and serve better time than the
> configured servers for a while).
I'm not sure if distance and jitter really matter here. The source
selection algorithm discards falsetickers before distance/jitter are
involved in the clustering and combining.
I was able to reproduce the issue with ntp-4.2.8p9. The server was
configured with three good stratum-1 servers. Four clients that had a
valid key were off by 10 minutes. They created symmetric associations
with the server and were able to outvote the good servers, even though
their distance and jitter were much larger.
     remote           refid      st t when poll reach   delay   offset  jitter
xgood-server1    .GPS.            1 u   21   64  377    0.244 -600000   0.096
xgood-server2    .GPS.            1 u   24   64  377    0.241 -600000   0.112
xgood-server3    .GPS.            1 u   56   64  377    0.233 -600000   0.066
+bad-client1     LOCAL(1)         3 S   22   64  377   31.424   -0.752   2.211
+bad-client2     LOCAL(1)         3 S   17   64  377   36.310    0.015   1.741
+bad-client3     LOCAL(1)         3 S   27   64  377   34.919    0.462   2.441
*bad-client4     LOCAL(1)         3 S   38   64  377   31.443   -0.491   1.401
> ...and that assumes you aren't using prefer on your chosen servers.
You mean the true option? The prefer option doesn't seem to have an
effect on falsetickers.
Another way to avoid this problem might be allowing authentication of
server packets with keys that are not marked as trusted with the
trustedkey directive. If clients used untrusted keys for
authentication of the server, they wouldn't be able to create
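As an added illustration (not part of the mailing-list post above), the RFC 5905 section 11.2.1 intersection algorithm written out in Python and run over the ntpq offsets from the post. Root distances are constructed values, chosen much larger for the symmetric peers, to show that the vote is decided by the number of overlapping correctness intervals, not by distance or jitter.

```python
def select_truechimers(sources):
    """RFC 5905 section 11.2.1 intersection algorithm.

    sources: list of (name, offset, root_distance), one unit throughout.
    Each source votes with [offset - root_distance, offset + root_distance];
    the smallest interval overlapped by at least m - allow sources wins,
    allowing at most allow < m/2 falsetickers.  Returns (low, high, names)
    or None when no majority clique exists.
    """
    m = len(sources)
    # (value, kind): kind -1 = low edge, 0 = midpoint, +1 = high edge
    endpoints = []
    for _name, offset, dist in sources:
        endpoints += [(offset - dist, -1), (offset, 0), (offset + dist, 1)]
    ascending = sorted(endpoints)
    for allow in range((m + 1) // 2):            # 2 * allow < m
        found = chime = 0
        low = high = None
        for value, kind in ascending:            # upward scan finds the low edge
            chime -= kind
            if chime >= m - allow:
                low = value
                break
            if kind == 0:
                found += 1                       # midpoint left outside the clique
        chime = 0
        for value, kind in reversed(ascending):  # downward scan finds the high edge
            chime += kind
            if chime >= m - allow:
                high = value
                break
            if kind == 0:
                found += 1
        if low is None or high is None or found > allow or low >= high:
            continue
        names = [name for name, offset, dist in sources
                 if offset - dist <= high and offset + dist >= low]
        return low, high, names
    return None


# Offsets (ms) are the ntpq columns from the post; root distances are
# constructed, and deliberately 40x larger for the symmetric peers.
GOOD = [("good-server%d" % i, -600000.0, 1.0) for i in (1, 2, 3)]
BAD = [("bad-client1", -0.752, 40.0), ("bad-client2", 0.015, 40.0),
       ("bad-client3", 0.462, 40.0), ("bad-client4", -0.491, 40.0)]

if __name__ == "__main__":
    # Four agreeing peers outvote three servers: m = 7 allows 3 falsetickers.
    print(select_truechimers(GOOD + BAD))
    # With only two such peers (m = 5, allow <= 2) the servers win.
    print(select_truechimers(GOOD + BAD[:2]))
```

The second call shows the arithmetic behind the risk: a client population that can mobilize more symmetric associations than the configured servers holds the majority the selection algorithm trusts.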