[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: NTP secure

One disadvantage of running ntpdate is that it "blindly" believes the one 
server it contacts, whereas a ntp server can "watch" a couple of servers 
and ignore the "insane" ones.  Also running NTP long term will calibrate 
its software PLL such that when you lose contact with the external world, 
the server already has a nice complicated equation that "knows" the system 
clock is 44.02341 ppm slow and will attempt to correct it accordingly, 
which will give you pretty accurate time during the outage.

Two areas of thought:

One is what kind of accuracy do you need.  Where I work we need to compare 
recorded outages and alarms with other companies.  It helps alot if both 
us and "them" have identical clocks.  Thus we need to run NTP externally, 
like it or not, we have to.  On the other hand, if the only reason you 
want to run time sync software is the "too lazy to set the clock" effect, 
then don't bother running it, because the time spent setting it up and 
maintaining it would likely exceed the gain, other than the "coolness" 

Another area of thought is the security issue.  DOS attacks on NTP are 
pretty irrelevant, because if you need accurate time you'll be monitoring 
the NTP server, and will quickly detect and fix denial of services 
attacks, yet if you don't need accurate time and you lose NTP, then by 
definition it doesn't matter anyway.  Noone sells NTP as a service (?) so 
if it doesn't work noone outside the I.S. dept will care anyway.  The 
other area is what damage can be done by generally messing around with 
NTP, and although I've hardly audited the code myself, it seems as though 
theres almost nothing that could be done by some kind of exploit, 
considering that its UDP based and has plenty of code to deal with 
"insane" clocks anyway.

I guess the best way to determine if ntp is too "insecure" is to compare 
the number of exploits based on NTP vs the number of sendmail or MS IIS 

----- Forwarded by Vince Mulhollon/Norlight on 10/09/2000 09:16 AM -----

Matthew Whitworth <matthew@okcomputer.org>
10/09/2000 09:02 AM

        To:     Christian Hammers <ch@westend.com>
        cc:     debian-firewall@lists.debian.org, (bcc: Vince Mulhollon/Norlight)
        Fax to: 
        Subject:        Re: NTP secure

I frequently use ntpdate from a cron job rather than running a full blown
xntpd server.


Sign the petition to let Ralph Nader in the Presidential Debates!
93222 signatures and not a damn thing from the CPD....

On Mon, 9 Oct 2000, Christian Hammers wrote:

> Hi
> I'm wondering if the ntp protocol that operates mainly in UDP can be
> used on a firewall server (to syncronise logfiles) or if it is too
> insecure.
> The only information useable for "security" seems, according to 
> the originate time stamp which means that an attacker has to be very 
> to read this and send an own, faked packet faster than the original 
> server. 
> What would you recommend as time syncroniser on a firewall?
> (No big-company thing that would be worth to buy an DCF77 clock for it's
> own, just a fun project...)
> bye,
>  -christian-
> -- 
> Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 
> ch@westend.com     Internet & Security for Professionals    Fax 
>            WESTEND ist CISCO Systems Partner - Premium Certified
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact 

Reply to: