[time-nuts] When NTP goes wrong...

Poul-Henning Kamp phk at phk.freebsd.dk
Sun Oct 25 03:14:24 EDT 2015


--------
In message <20151024123614.7bbfe893 at aluminium.mobile.teply.info>, Florian Teply
 writes:

>But if I read that article on ars technica correctly, it looks like it
>is something inherent to the ntp protocol itself and the definitions it
>makes.

Correct.

The article is basically about how you can change the time on a
computer you are attacking by spoofing NTP replies.

Apart from a little mitigation, all implementations will be vulnerable
to this, because that is what happens when you get your time from an
unauthenticated server somewhere on the net.

The only real cure is to have your own NTP servers.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


More information about the time-nuts mailing list