[ntp:questions] Secure NTP

Maarten Wiltink maarten at kittensandcats.net
Fri Mar 25 16:27:17 UTC 2011


<jimp at specsol.spam.sux.com> wrote in message
news:5lpu58-278.ln1 at mail.specsol.com...
> Uwe Klein <uwe_klein_habertwedt at t-online.de> wrote:
[...]
>> The $something trading solutions that require exact timematch
>> ( remember the recent rush of ntp users
>>   requiring u-second global time match )
>> over a set of widely distributed hosts allow fraud in
>> various ways if you can manipulate the time for some select host.
>
> One more time, if time is critical to your operation you do NOT have
> one and only one NTP server.
>
> You have several servers with local GPS and CDMA NTP boxes.
>
> Let's see you spoof the Internet, GPS, and CDMA all at the same time.

I'll solve (the subproblems of) the big problems just like the little
problems. One at a time.

That there are other lines of defence is no reason to neglect any one
of them. Every single one is there in case the other ones fail. Any and
all of the other ones.

You do not improve security by stacking the lemon meringue walls higher,
or thicker.

Groetjes,
Maarten Wiltink




