[ntp:security] [Bug 3012] Sybil vulnerability: ephemeral association attack

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Feb 4 08:09:41 UTC 2016


Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
              Group|                            |Security
                 CC|                            |mvangund at cisco.com
            Summary|x                           |Sybil vulnerability:
                   |                            |ephemeral association
                   |                            |attack
              Flags|                            |blocking4.2.8+

--- Comment #1 from Harlan Stenn <stenn at ntp.org> 2016-02-04 08:09:41 UTC ---
ntpd can be vulnerable to Sybil attacks.  A malicious authenticated peer can
create arbitrarily-many ephemeral associations in order to win ntpd's clock
selection algorithm and modify a victim's clock.

ntpd has the ability to create ephemeral peer associations on the fly in
response to certain kinds of incoming requests.  In most common configurations,
if an incoming request will cause a new ephemeral association to be mobilized,
ntpd requires the request to be authenticated under a trusted symmetric key. 
However, ntpd does not enforce any limit on the number of active ephemeral
associations that may be created under a single key, making ntpd vulnerable to
Sybil attacks.

A malicious authenticated peer can use its knowledge of the trusted key that it
shares with a victim ntpd process in order to create multiple ephemeral
associations with the victim from different source IP addresses.  Each of these
malicious associations can advertise false time to the victim.  If the
malicious associations providing consistent false time advertisements outweigh
the number of legitimate peer associations, the victim will sync to the time
advertised by the attacker.
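
To make the counting argument above concrete, here is a constructed, simplified model of the mechanism (added here; it is not ntpd code, and the association table, the majority-style stand-in for clock selection, the sample addresses and keys, and the optional per-key cap used as a mitigation are all assumptions of the example):

```python
"""Simplified model of the per-key ephemeral association issue described above.
This is a constructed illustration, not ntpd's implementation: the association
table, the majority-style 'selection' and the per-key cap are all assumptions."""
from collections import Counter, namedtuple

# An authenticated request: source address, key id it was signed under, and the
# time offset (seconds) the sender advertises.  Offsets are constructed samples.
Request = namedtuple("Request", "src_ip key_id offset")

TRUSTED_KEYS = {1, 2, 3, 4}  # constructed trust list; key 4 is the abused one


class Ntpd:
    def __init__(self, max_assoc_per_key=None):
        self.assocs = {}           # (src_ip, key_id) -> advertised offset
        self.cap = max_assoc_per_key  # None models the unlimited behaviour

    def mobilize(self, req):
        """Create (or refresh) an ephemeral association for an authenticated
        request.  Returns True if the association exists afterwards."""
        if req.key_id not in TRUSTED_KEYS:
            return False           # unauthenticated requests never mobilize
        ident = (req.src_ip, req.key_id)
        if ident not in self.assocs and self.cap is not None:
            in_use = sum(1 for (_, k) in self.assocs if k == req.key_id)
            if in_use >= self.cap:
                return False       # assumed mitigation: per-key limit reached
        self.assocs[ident] = req.offset
        return True

    def selected_offset(self):
        """Stand-in for clock selection: the offset advertised by the largest
        agreeing cluster of associations wins (real ntpd is far more elaborate)."""
        if not self.assocs:
            return None
        return Counter(self.assocs.values()).most_common(1)[0][0]


def simulate(cap=None):
    """Three legitimate peers (keys 1-3) agree on offset 0.0; one key holder
    presents from ten source addresses under key 4, all advertising +300 s.
    Returns (selected offset, number of active associations)."""
    d = Ntpd(cap)
    for key, ip in ((1, "10.0.0.1"), (2, "10.0.0.2"), (3, "10.0.0.3")):
        d.mobilize(Request(ip, key, 0.0))
    for i in range(10):
        d.mobilize(Request(f"192.0.2.{i}", 4, 300.0))
    return d.selected_offset(), len(d.assocs)
```

With no limit the ten associations under key 4 outvote the three legitimate peers; with a per-key cap of 2 the same traffic yields only two such associations and the legitimate offset is selected.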
