Boss: So how did a hacker get in and crash our accounting server, break our VPNs, and kill our network performance?

IT guy: He changed our clocks.

Boss: How did he do that?

IT guy: We have an opening in our firewall that permits time clock packets to come from anywhere in the world, under certain conditions.

Boss: Why didn't you block that?

IT guy: Well, we filtered to only accept clock settings from a trusted source, but the hacker lied and pretended to be that protected source.

Boss: I thought encryption was supposed to prevent that.

IT guy: Time clock packets aren't encrypted. There is no standard for that.

Boss: Not even a password?

IT guy: Yes, there is a sophisticated authentication mechanism, but it doesn't work.

Boss: So how could we have prevented this?

IT guy: We could have purchased our own time server synchronized to the U.S. Department of Standards atomic clock via Global Positioning System satellites using a special antenna. Then we wouldn't need time from the Internet.

Boss: That sounds expensive. How much are we talking?

IT guy: $300

Boss: You're fired.


On May 10, 2016, at 1:51 PM, Jared Mauch <jared@puck.nether.net> wrote:

> On May 10, 2016, at 4:40 PM, Gary E. Miller <gem@rellim.com> wrote:
>
>> Yo Jared!
>
> Yo, Gary!
>
>> On Tue, 10 May 2016 16:29:26 -0400 Jared Mauch <jared@puck.nether.net> wrote:
>>
>>> If you're using Red Hat-based systems consider using chrony instead, even the new beta Fedora 24 uses 4.2.6 derived code vs 4.2.8
>>
>> Or, new but under heavy development: NTPsec: https://www.ntpsec.org/
>>
>> It is a fork of classic NTPD, but was not vulnerable to most of the recent NTPD CVEs.
>
> Yeah, there are some issues here in how the NTP community has implemented solutions without discussing with each other through the community splits.
>
> The NTPWG at IETF has been in a bit of stasis for years now because of the various aspects of how it works, and those who present sometimes don't output in the most organized fashion, requiring a lot of effort on the receiver. There's also a very narrow universe of people who actually care about the implementations and details, with people like Majdi, Harlan and Miroslav understanding the needs more than I've seen anyone from the ntpsec/cisco funded side grasp the nuances of.
>
> As a general statement, we are well served by having diverse and robust implementations, but as we've seen in the (mostly) router space that the NANOG community cares about... there are far more BGP implementations than NTP. This isn't good if the community wants to move to a model of certificate based routing and the dependent infrastructure is weak.
>
> I would suggest moving parts of this discussion to either the NTP Pool or the NTPWG mailing lists.
>
> - jared
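The joke at the top and the thread under it both turn on a client accepting a forged time reply. As an added example, not code from this thread or from ntpd, chrony or NTPsec, here is the minimal validation an NTP client does before it trusts a reply: the RFC 5905 packet layout, the origin-timestamp check (a reply must echo the transmit timestamp of our own request, which an off-path forger cannot know), header sanity checks, and a refusal to apply an offset larger than a panic threshold. The request and the three replies are constructed inline for the demo, not captured traffic; `PANIC_THRESHOLD_S` is an assumed value modelled on the default step limit in ntpd, and the helper names are this example's own.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)
PANIC_THRESHOLD_S = 1000.0             # assumption: modelled on ntpd's default panic step limit


def to_ntp(unix_ts):
    """Unix float seconds -> 64-bit NTP timestamp (32-bit seconds | 32-bit fraction)."""
    whole = int(unix_ts)
    frac = int((unix_ts - whole) * (1 << 32))
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ntp_ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    return (ntp_ts >> 32) - NTP_EPOCH_OFFSET + (ntp_ts & 0xFFFFFFFF) / float(1 << 32)


def build_request(t1):
    """Mode-3 client request; our transmit timestamp t1 is the nonce a genuine reply must echo."""
    header = (0 << 6) | (4 << 3) | 3                 # LI=0, VN=4, mode=3 (client)
    return (struct.pack("!BBbb", header, 0, 0, 0)    # stratum, poll, precision
            + b"\x00" * 12                           # root delay, root dispersion, reference ID
            + struct.pack("!QQQQ", 0, 0, 0, to_ntp(t1)))


def build_reply(origin_ntp, t2, t3, stratum=2, mode=4, li=0):
    """Mode-4 server reply (constructed for the demo, not captured traffic)."""
    header = (li << 6) | (4 << 3) | mode
    return (struct.pack("!BBbb", header, stratum, 6, -20)
            + struct.pack("!II", 0, 0) + b"GPS\x00"  # root delay/dispersion, reference ID
            + struct.pack("!QQQQ", to_ntp(t2), origin_ntp, to_ntp(t2), to_ntp(t3)))


def parse_reply(data):
    """Split a 48-byte NTP packet into the fields the validation needs."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    header, stratum, _poll, _precision = struct.unpack("!BBbb", data[:4])
    _ref, org, rec, xmt = struct.unpack("!QQQQ", data[16:48])
    return {"li": header >> 6, "vn": (header >> 3) & 7, "mode": header & 7,
            "stratum": stratum, "org": org, "rec": rec, "xmt": xmt}


def validate_reply(data, t1_sent, t4_arrived):
    """Return (accepted, reason, offset_seconds) for a reply to the request we sent at t1_sent."""
    pkt = parse_reply(data)
    if pkt["mode"] != 4:
        return False, "not a server reply (mode != 4)", None
    if pkt["li"] == 3:
        return False, "server reports it is unsynchronized (LI=3)", None
    if pkt["stratum"] == 0:
        return False, "stratum 0: kiss-o'-death or invalid", None
    # The origin timestamp must echo our transmit timestamp; an off-path forger cannot know it.
    if pkt["org"] != to_ntp(t1_sent):
        return False, "origin timestamp mismatch: reply does not answer our request", None
    t2, t3 = from_ntp(pkt["rec"]), from_ntp(pkt["xmt"])
    if t3 < t2:
        return False, "server transmit timestamp precedes its receive timestamp", None
    offset = ((t2 - t1_sent) + (t3 - t4_arrived)) / 2.0   # RFC 5905 clock offset
    if abs(offset) > PANIC_THRESHOLD_S:
        return False, "offset %.1fs exceeds panic threshold; refusing to step" % offset, offset
    return True, "ok", offset


def run_demo():
    """Three constructed replies: one honest, one forged without our nonce, one with a huge step."""
    t1 = 1462913460.0                       # constructed request time (10 May 2016), not a real capture
    t4 = t1 + 0.020                         # constructed arrival time of the reply
    _request = build_request(t1)            # a real client would send this over UDP/123
    honest = build_reply(to_ntp(t1), t1 + 0.010, t1 + 0.011)
    forged = build_reply(to_ntp(t1 - 7.0), t1 + 3600.0, t1 + 3600.001)   # wrong nonce, clock an hour off
    huge_step = build_reply(to_ntp(t1), t1 + 86400.0, t1 + 86400.001)    # right nonce, one-day jump
    return {
        "honest": validate_reply(honest, t1, t4),
        "forged": validate_reply(forged, t1, t4),
        "huge_step": validate_reply(huge_step, t1, t4),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The origin check only defeats a forger who never saw the request; it does nothing against an on-path attacker or a source that is itself wrong, and the panic threshold only bounds how far a single bad answer can move the clock. That residual exposure is why the thread's answers (a local GPS-disciplined stratum-1 source, authenticated peers, multiple independent sources) matter more than any per-packet check.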