[time-nuts] When NTP goes wrong...

Poul-Henning Kamp phk at phk.freebsd.dk
Sun Oct 25 13:06:36 EDT 2015

In message <20151025162731.7a4a7bd7 at aluminium.mobile.teply.info>, Florian Teply

>Of course proper authentication would make this kind of attack more
>difficult, but as far as I can see, I'd estimate the amount of
>authenticated NTP traffic on the internet to be negligible.

That's because the standardized way of doing it doesn't really work.

>> The only real cure is to have your own NTP servers.
>Which then of course must not rely on external sources for their time,

Obviously.  There is no free lunch.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the time-nuts mailing list