[ntp:questions] Questions from people whose return address is gmail, googlemail, Yahoo, etc.

Jochen Bern Jochen.Bern at LINworks.de
Sun Sep 7 14:43:26 UTC 2014


On 09/06/2014 02:21 PM, Charles Elliott wrote:
> Some day, is it going to be important to
> ISIS to have accurate time to coordinate a massive strike on
> the electric, railroad, or bridge infrastructure in some
> Western country?  Are list members going to facilitate that?

As long as the definition of "accurate time" in your question is "beyond
the precision readily available from GPS, GLONASS, etc. devices, and
using ntpd running on general purpose computers", my answer to both is
"no". Any kind of attack with a physical object doesn't need to be
"coordinated" to that precision unless you need to properly destroy a
hardened target, and any computer attacking a network using that
precision (there *are* a few attacks where you need the packets to
arrive at the victim with precise timing) needs specialized computing
machinery in the first place. Not to mention an extremely low-jitter
network path between both.

Mind, I'm not saying that precision timing cannot be used to *prepare*
an attack - the prime example being pinpointing the coordinated
triggering of the conventional charges in a Pu-based nuke. But if IS
were to spend *that* kind of effort, they'ld had something *usuable* for
their purposes (dirty bomb) a lot earlier.

>       I propose that in the short term NTP questions list members not
> respond to inquires from people whose return address is a bulk email
> provider, and in the long run the NTP list server be made to reject
> email from bulk providers, [...] and from domains that are not in the
> whois database or that do not respond to pings.

Disabling pings from the Internet is pretty much standard practice to
secure organization-internal networks. Proper WHOIS data is primarily
the duty of the ISP, not the domain owner, to provide - some just don't.
However, domain plus WHOIS plus e-mail (on ISP's machines) is
essentially available dirt cheap with no documents or physical
appearance anywhere nowadays, even with certain ccTLDs.

And all this is going to be rendered useless by the first IS sympathizer
having himself hired by a "legit" organization, anyway. Or even simpler,
one *faking* his sender address to include an appropriate domain (and
hoping for on-list replies), like spam does literally every microsecond now.

Regards,
								J. Bern
-- 
*NEU* - NEC IT-Infrastruktur-Produkte im <http://www.linworks-shop.de/>:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/>
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel


More information about the questions mailing list