[time-nuts] When NTP goes wrong...

Magnus Danielson magnus at rubidium.dyndns.org
Sat Oct 24 19:50:57 UTC 2015 

Bob,

It was linked from the article. Some 18 pages of reading. Go and read 
it. I will when I get the time... can somebody skew my time by skew my 
NTP? Just read the article, it tells you how to pull it off.

Cheers,
Magnus

On 10/24/2015 03:02 PM, Bob Camp wrote:
> Hi
>
> Without the real paper(s) they are referencing, it’s impossible to evaluate what they
> are saying. In order to actually address their points, it will have to be done on a paper
> by paper basis.
>
> Bob
>
>> On Oct 24, 2015, at 6:36 AM, Florian Teply <usenet at teply.info> wrote:
>>
>> Am Wed, 21 Oct 2015 22:54:15 -0700
>> schrieb Rob Seaman <seaman at noao.edu>:
>>
>>> Mark Sims said:
>>>
>>>> Ars Technica just put up a piece on the effects of various attacks
>>>> on NTP with a link to the original paper.
>>>>
>>>> http://arstechnica.com/security/2015/10/new-attacks-on-network-time-protocol-can-defeat-https-and-create-chaos/
>>>
>>>
>>> The Network Time Foundation (through Harlan Stenn’s hard work) has
>>> already released a patch synchronized with the publication of the
>>> referenced paper from Boston University:
>>>
>>> 	http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/
>>>
>>> Many of the comments on the Ars Technica piece are quite naive
>>> regarding timekeeping issues. This reflects an ongoing need for
>>> public education that Time-nuts as well as NTF can help supply.
>>>
>> In my opinion, it would be interesting to know if other implementations
>> are affected as well.
>> Until now, I've come across the ntp mentioned above, maintained by
>> the network time foundation.
>> But there's also openntpd, maintained by the OpenBSD guys, and ntimed
>> by PHK, which IIRC both claim to address security. Likely there afre
>> even more out there...
>>
>> But if I read that article on ars technica correctly, it looks like it
>> is something inherent to the ntp protocol itself and the definitions it
>> makes.
>>
>> Poul-Henning, would you care to comment on that for ntimed?
>>
>> Best regards,
>> Florian
>> _______________________________________________
>> time-nuts mailing list -- time-nuts at febo.com
>> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
>> and follow the instructions there.
>
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
> and follow the instructions there.
>

More information about the Time-nuts_lists.febo.com mailing list