[ntp:questions] Secure NTP

Miroslav Lichvar mlichvar at redhat.com
Fri Mar 25 08:37:42 UTC 2011

On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
> Security is so that you know you are not being spoofed.  Or if you are
> providing the time so that you can prove to your users that you are
> who you claim to be and are not spoofing them.
> There is the chance that someone might "impersonate" one of your
> servers or a server you use. and then make a computer's clock be set
> to the wrong time.   Again "who cares" if you only use your computer
> to serf the web and read emails but what if you were a bank processing
> ATM or visa card transactions or worse a computer routing trans or
> airplanes or controlling stop lights.

There is one important thing I haven't seen mentioned here. A MITM
doesn't need to modify the NTP packets to seriously degrade your
timekeeping. He can exploit the PLL instability when undersampled and
by dropping and delaying the packets (up to maxdist, 1.5s by default)
he can fairly quickly throw your clock off and let you drift away.

In addition to the authentication, it's important to monitor
reachability of the peers.

Miroslav Lichvar

More information about the questions mailing list