
On Oct 24, 2010, at 4:48 PM, Matthew Petach wrote:
On Sun, Oct 24, 2010 at 8:34 AM, Brandon Kim <brandon.kim@brandontek.com> wrote:
Hey guys:
I wanted to open up this question regarding NTP servers. I recall someone had created a posting on this quite a while back.
From a service provider/ISP standpoint, does anyone think that having a local NTP server is really necessary?
I've asked some of my fellow engineers at work and many of them give me the same response, "Can't we just use free ones out on the internet?"
Depends on how much you trust other people. NTP can potentially be used as a DoS vector by your upstream clocks, if you're not running your own.
I've seen 50,000 servers panic in the blink of an eye when the NTP source issued a leap second, and the kernel wasn't patched to handle it properly; and that's a forward leap second. Nobody's tested reverse leap seconds yet; who knows what would happen to your hosts if your upstream NTP servers decided to issue a reverse leap second towards you?
Negative leap seconds are certainly possible, and 20 years ago (when I was working for the USNO Directorate of Time) I thought that the currents down in the core might be going to give us a few; I have often wondered how many systems would choke on this.
Regards,
Marshall
Granted, if you choose enough diverse upstream clocks, that becomes more difficult for someone to exploit; but it's not impossible, and you can't count on keeping your upstream clock sources secret, given the bidirectional communication that can take place between NTP servers.
*shrug* It's cheap enough to run your own clock sources, once you're above a certain size, and it's one less potential attack vector from the outside; why wouldn't you want to secure your edge against it?
Matt
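An added example, not part of the thread and not code from any of its participants: if you do depend on clocks you don't control, the least you can do is watch what they announce. The script below decodes the fixed NTP header as laid out in RFC 5905 (leap indicator, version, mode, stratum, reference ID), then compares the leap indicator across several upstream sources so that a single source announcing a positive or negative leap second, or going into alarm, stands out against the majority rather than being acted on blindly. The header layout is the standard one; the sample replies are constructed inline, not captured traffic, and the source names are placeholders.

```python
import struct
from collections import Counter

# Wire layout of the 48-byte NTP header (RFC 5905, section 7.3), network byte order:
# li_vn_mode, stratum, poll, precision, root delay, root dispersion, reference ID,
# then four 64-bit timestamps, packed here as eight 32-bit words.
NTP_HEADER = struct.Struct("!BBbbIIIIIIIIIII")

# Leap indicator (LI) values from RFC 5905.
LEAP_NAMES = {
    0: "no warning",
    1: "positive leap second (last minute has 61 s)",
    2: "negative leap second (last minute has 59 s)",
    3: "unsynchronized (alarm condition)",
}


def parse_ntp_header(packet):
    """Decode the fixed header of an NTP packet into a dict of the fields we monitor."""
    if len(packet) < NTP_HEADER.size:
        raise ValueError("short NTP packet: %d bytes" % len(packet))
    fields = NTP_HEADER.unpack_from(packet)
    li_vn_mode, stratum = fields[0], fields[1]
    return {
        "leap": li_vn_mode >> 6,            # top 2 bits
        "version": (li_vn_mode >> 3) & 0x7,  # next 3 bits
        "mode": li_vn_mode & 0x7,            # low 3 bits (4 = server reply)
        "stratum": stratum,
        "ref_id": fields[6].to_bytes(4, "big"),
    }


def build_server_reply(leap, stratum, ref_id, version=4):
    """Construct a minimal mode-4 (server) reply; used only to build sample input here."""
    li_vn_mode = (leap << 6) | (version << 3) | 4
    words = [0] * 11                         # root delay, root dispersion, ref ID, timestamps
    words[2] = int.from_bytes(ref_id.ljust(4, b"\0")[:4], "big")
    return NTP_HEADER.pack(li_vn_mode, stratum, 6, -20, *words)


def assess_upstreams(replies):
    """Compare the leap indicator advertised by each upstream source.

    replies: mapping of source name -> raw reply bytes.
    Returns the per-source leap state, the majority view among usable sources,
    whether that majority announces a leap second, the sources that disagree
    with the majority, and sources that are unusable (LI=3 or invalid stratum).
    """
    states = {name: parse_ntp_header(pkt) for name, pkt in replies.items()}
    usable = {n: s for n, s in states.items()
              if s["leap"] != 3 and 0 < s["stratum"] < 16}
    unusable = sorted(set(states) - set(usable))
    if usable:
        majority_leap = Counter(s["leap"] for s in usable.values()).most_common(1)[0][0]
    else:
        majority_leap = None
    outliers = sorted(n for n, s in usable.items() if s["leap"] != majority_leap)
    return {
        "per_source": {n: LEAP_NAMES[s["leap"]] for n, s in states.items()},
        "majority_leap": majority_leap,
        "leap_pending": majority_leap in (1, 2),
        "outliers": outliers,
        "unusable": unusable,
    }


# Constructed sample replies (placeholder source names, not captured traffic):
# three sources with no leap warning and one lone source announcing a negative leap second.
SAMPLE_REPLIES = {
    "upstream-a": build_server_reply(0, 2, b"GPS"),
    "upstream-b": build_server_reply(0, 2, b"PPS"),
    "upstream-c": build_server_reply(0, 3, b"\xc0\xa8\x00\x01"),
    "upstream-d": build_server_reply(2, 2, b"GPS"),
}

if __name__ == "__main__":
    report = assess_upstreams(SAMPLE_REPLIES)
    for name, state in report["per_source"].items():
        print("%s: %s" % (name, state))
    print("leap pending by majority:", report["leap_pending"])
    print("sources disagreeing with majority:", report["outliers"])
    print("unusable sources:", report["unusable"])
```

In practice the raw replies would come from an NTP query to each configured source; the point of the majority check is that one upstream announcing a leap (forward or reverse) or dropping into alarm is flagged for a human, which is the diversity Matt describes turned into something you can actually alert on.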