[time-nuts] Time security musing - attacking the clock itself
hmurray at megapathdsl.net
Tue Dec 4 23:22:32 UTC 2012
scmcgrath at gmail.com said:
> NTP servers. A way to hack them is to connect to one with a hostile server
> with higher stratum as NTP servers are configured as 'peers' Without the
> md5 you can steer a server with md5 the servers just ignore the attacking
It's more complicated than that.
When I set up a NTP server, I tell it what servers to use. If you just send
my server a packet telling it a bogus time, your packet will get ignored.
If you control the network, you could intercept the packets I send to the
servers I'm using and return forged packets. You still have to get past
various heuristics. For example, ntpd won't step the clock by more than 1000
These are my opinions. I hate spam.
More information about the time-nuts