[time-nuts] When NTP goes wrong...

Wojciech Owczarek wojciech at owczarek.co.uk
Sun Oct 25 09:34:43 EDT 2015

I think this is a classic case of confusing application security with
network security. The whole idea relies on spoofing packets. A spoofing
scenario is only realistic in a lab setting. Or in case of a physical
takeover of a circuit, which - well, then you have more important things to
worry about, and please show me an actual existing case.

The series of off-path attacks described are off-path only because they
don't require intercepting previous communication, but they still require
spoofing. Theoretically any application using a connectionless protocol
like UDP suffers from this "vulnerability" to spoofing one way or another.
My personal favourite statement "on a properly designed network..." usually
negates most of those.

PHK - as you say, the only cure is to have your own NTP servers, and any
serious organisation out there does.

The paper definitely has some research value, but in my opinion the
negative publicity generated by this is overblown and undeserved. One thing
I will agree with, is that there are too many random NTP servers out there
which are dusty boxes sitting somewhere in the broom cupboard, running
ancient software. However, all those vulnerable public NTP servers are
vulnerable if you're sitting next to them.


More information about the time-nuts mailing list