[ntp:questions] Secure NTP

jimp at specsol.spam.sux.com jimp at specsol.spam.sux.com
Mon Mar 28 17:42:34 UTC 2011


Uwe Klein <uwe_klein_habertwedt at t-online.de> wrote:
> jimp at specsol.spam.sux.com wrote:
>> At that point they start slowly changing the time to something else.
>> 
>> Meanwhile, inside the building where NTP was set up by someone with a clue
> if you go by the questions placed here on occasion that assumption is not a given ;-)
> 
>> that bothered to read the documentation, the target client computers notice
>> that the GPS source is different than all the other sources and decide the
>> GPS source has failed and ignore the GPS data.
>> 
>> Drat that NTP voting algorithm.
> 
> engineering is a management of negatives ( positives is for weenies )
> 
> If I had that clocker job (not likely)
> I would disable all but one source and spoof the remaining in advance.
> my guess is that even most high profile setups won't complain
> about being reduced to a single source for time.

You are talking about an inside job and neither NTP authentication nor
any other software based tool is able to do much about that.

If you are already inside, there are easier and more direct ways to steal
than messing with system clocks.

I deal with an organization where the correct time is modestly (in terms
of what NTP can do) important.

It is important to them that all systems are within about 0.25 seconds of
the real time.

The local division I support has three systems set up as NTP servers and a
stand alone GPS NTP box to provide time for all the division client
systems.

The three NTP servers get their time from the local GPS NTP box as well
as other GPS NTP boxes and CDMA NTP boxes located at other corporate sites
hundreds of miles away on the private corporate network and additionally
from several public NTP servers on the Internet.

Spoof that.



-- 
Jim Pennino

Remove .spam.sux to reply.
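
Added example, not part of the original message and not ntpd's own code: a simplified Marzullo-style intersection showing how a client with several independent sources outvotes one source that has been pulled away from the rest. The source names, offsets and error bounds are constructed; real ntpd selection also applies clustering and other checks not shown here.

```python
"""Simplified Marzullo-style intersection (illustration, not ntpd's code)."""
from typing import NamedTuple


class Source(NamedTuple):
    name: str        # hypothetical label
    offset: float    # measured clock offset to this source, seconds
    distance: float  # error bound on that offset, seconds


def select(sources):
    """Return (truechimers, falsetickers) as lists of source names."""
    n = len(sources)
    edges = []
    for s in sources:
        edges.append((s.offset - s.distance, -1))  # interval opens
        edges.append((s.offset + s.distance, +1))  # interval closes
    edges.sort()
    for allow in range(n):          # allow = number of sources assumed wrong
        if 2 * allow >= n:          # a majority must still agree
            break
        need = n - allow
        low = high = None
        depth = 0
        for point, kind in edges:   # scan upward for the lower bound
            depth -= kind
            if depth >= need:
                low = point
                break
        depth = 0
        for point, kind in reversed(edges):  # scan downward for the upper bound
            depth += kind
            if depth >= need:
                high = point
                break
        if low is not None and high is not None and low <= high:
            good = [s.name for s in sources
                    if s.offset - s.distance <= high and s.offset + s.distance >= low]
            return good, [s.name for s in sources if s.name not in good]
    return [], [s.name for s in sources]  # no majority agrees


# Constructed sample: local GPS box pulled 5 s off, four other sources agree.
SAMPLE = [
    Source("local-gps", 5.000, 0.010),
    Source("remote-gps", 0.002, 0.020),
    Source("remote-cdma", 0.004, 0.030),
    Source("public-1", -0.003, 0.050),
    Source("public-2", 0.010, 0.060),
]

if __name__ == "__main__":
    print(select(SAMPLE))
```

With only one configured source the same function accepts whatever that source reports, and with two sources that disagree it accepts neither.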



