[time-nuts] Time security query

Hal Murray hmurray at megapathdsl.net
Tue Aug 25 22:43:46 UTC 2009


javier.serrano.pareja at gmail.com said:
> There are some exceptions to this, with PLCs and other pieces of
> hardware getting sync from NTP. We've had problems in our Post Mortem
> system in the past, with a PLC not receiving NTP traffic because of
> router misconfiguration and this resulting in incoherent time tags.

Are your PLCs running full NTP or some minimal implementation?

The reference implementation has a lot of monitoring/debugging options.  
Probably the simplest approach is to set up an ntp server and use it to monitor 
the systems you are interested in.  (I'll say more if anybody wants.)

Speaking of software bugs, many of the minimal implementations have 
"interesting" problems.  In case anybody isn't familiar with it, Dave Plonka 
has a wonderful writeup of the Netgear/Univ-Wisc mixup.  I'd call it required 
reading for any computer science program.
  http://pages.cs.wisc.edu/~plonka/netgear-sntp/
Wikipedia has a page that covers a few more incidents:
  http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse

Anyway, if you are using ntp, add denial-of-service to the list of 
considerations, either on your servers or the servers you are using.  For 
popular servers like the ones run by NIST, there are significant errors 
during the normal daily peak load times.


> Our proposed solution for that is to feed a PPS from one of our timing
> receivers to the critical PLCs and ask them to time-tag it with their
> internal NTP-derived time base.

Is tagging a PPS enough?  How do you know if you are off by several seconds?



-- 
These are my opinions, not necessarily my employer's.  I hate spam.
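
An added example for the monitoring approach and the "off by several seconds" question in the message above; it is not part of the original post and not code from the NTP reference implementation. A monitoring host sends one client-mode query to a device and computes the device's clock offset and the round-trip delay from the four NTP timestamps, so whole-second errors show up as well as sub-second ones. The function names, the 0.128 s alarm limit and the timestamps used to exercise it are assumptions made for this example.

```python
import socket, struct, time

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def to_ntp(unix_t):
    """Unix seconds -> NTP timestamp as (seconds, 32-bit fraction)."""
    t = unix_t + NTP_UNIX_DELTA
    return int(t), int((t - int(t)) * 2**32)

def from_ntp(sec, frac):
    return sec - NTP_UNIX_DELTA + frac / 2**32

def build_reply(t1, t2, t3, stratum=2, leap=0):
    """Constructed server-mode reply, standing in for what a device would send."""
    return struct.pack("!BBbb3I8I", (leap << 6) | (4 << 3) | 4, stratum, 6, -20,
                       0, 0, 0, *to_ntp(t2), *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))

def check_reply(pkt, t1, t4, max_offset=0.128):
    """Return (offset, delay, problems) for a query sent at t1, answered at t4."""
    if len(pkt) < 48:
        return None, None, ["short packet"]
    f = struct.unpack("!BBbb3I8I", pkt[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 7, f[1]
    problems = []
    if mode != 4:
        problems.append("not a server reply")
    if f[9:11] != to_ntp(t1):  # reply must echo our transmit time (stale/spoofed otherwise)
        problems.append("origin timestamp does not match our query")
    if leap == 3 or not 1 <= stratum <= 15:
        problems.append("device reports itself unsynchronized")
    t2, t3 = from_ntp(*f[11:13]), from_ntp(*f[13:15])
    offset = ((t2 - t1) + (t3 - t4)) / 2      # device clock minus monitor clock
    delay = (t4 - t1) - (t3 - t2)             # network round trip
    if abs(offset) > max_offset:              # assumed alarm limit
        problems.append("offset %+.3f s exceeds limit" % offset)
    return offset, delay, problems

def poll(host, timeout=2.0):
    """Send one client-mode query to host and check the answer."""
    t1 = time.time()
    query = struct.pack("!B39x2I", (4 << 3) | 3, *to_ntp(t1))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (host, 123))
        pkt, _ = s.recvfrom(512)
    return check_reply(pkt, t1, time.time())
```

A device that never answers makes `poll` raise `socket.timeout`, which is itself worth logging, since that is the router-misconfiguration case from the quoted text.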





