[ntp:questions] Secure NTP

jimp at specsol.spam.sux.com jimp at specsol.spam.sux.com
Mon Mar 28 15:56:21 UTC 2011

Uwe Klein <uwe_klein_habertwedt at t-online.de> wrote:
> jimp at specsol.spam.sux.com wrote:
>> Richard B. Gilbert <rgilbert88 at comcast.net> wrote:
>>>Didn't I just see an announcement that GPS was going to be jammed in 
>>>order to test something or other?
>> Yeah, it happens quite often on a scheduled basis in limited areas.
> Hmm, it should not be all that difficult to set up a limited reach
> GPS WAAS/EGNOS impostor.
> elsewher:
> Bruce Schneier ( security guy ):
> http://www.schneier.com/blog/archives/2008/09/gps_spoofing.html
> uwe

OK, so the bad guy sets up the stuff for a GPS spoofer and parks it next
to the targeted building where high dollar value stuff goes on in hopes
of tweeking their system clocks and stealing a fortune.

First issue; a big bucks operation is likely in a multi-story building
with the GPS antenna on the roof and GPS antennas have low sensitivity
looking down.

Our bad guys just happen to know something about antenna patterns, so they
obtained some high power RF amplifiers to make sure their signal dominates.

So, after carefully syncing their spoofer to the real time, because if they
don't, the time jump will just be rejected, the bad guys start cranking up
the output power until their signal dominates.

At that point they start slowly changing the time to something else.

Meanwhile, inside the building where NTP was set up by someone with a clue
that bothered to read the documentation, the target client computers notice
that the GPS source is different than all the other sources and decide the
GPS source has failed and ignore the GPS data.

Drat that NTP voting alogorithm.

Jim Pennino

Remove .spam.sux to reply.

More information about the questions mailing list