North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: well-known NTP?

  • From: Edward B. DREGER
  • Date: Tue Apr 11 19:27:08 2006

LL> Date: Wed, 12 Apr 2006 01:10:09 +0200
LL> From: Lars-Johan Liman

LL> [I just happened to see this, browsing at high speed, so please
LL> forgive me, if I'm out of context.]

I was primarily referring to taking the load away from DIX. :-)
However, as long as you raise a few points...

LL> If you create a disparate anycast system of NTP server, you run into a
LL> security issue, since many security protocols have "accurate time" as
LL> an important parameter, and a rouge anycast NTP server could create
LL> substantial amounts of harm from security and other standpoints by
LL> giving out incorrect time.

A rogue server can cause trouble regardless of whether it's anycasted
[by design].  The "blast radius" might be smaller (which can complicate
troubleshooting but helps contain damage).  Of course, more systems
means more chance for failure.

Furthermore, "unicast by design" does nothing to prevent a rogue route
from changing that.  Panix was just a recent victim of this.

LL> Nope, you want your NTP to come from an appropriate source ...
LL> preferrably with signatures.

Time to query multiple NTP sources, utilize GPS, and limit time
adjustment deltas.

I'll concede that multi-provider anycast presents an obvious problem for
sharing the key with "only the good guys".  However, I think all the
little D-Link critters can live with unsigned stratum-9 answers by 

Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses:
[email protected] -*- [email protected] -*- [email protected]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.