I don't think this is correct. I have seen routing protocol adjacencies going down because of some perturbations in NTP. I understand, any router implementation worth its salt would not use the NTP clock internally, but I have seen some real life issues where OSPF went down because the time moved ahead and it thought that it hadn't heard from the neighbor for a long time. All such bugs were eventually fixed, but this is just one example.

There is an emerging need to distribute highly accurate time information over IP and over MPLS packet switched networks (PSNs). A variety of applications require time information to a precision which existing protocols cannot supply. TICTOC is an IETF WG created to develop solutions that meet the requirements of such protocols and applications.

Glen
On Tue, Nov 4, 2008 at 12:22 PM, <Valdis.Kletnieks@vt.edu> wrote:

On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said:
I'm just wondering -- in the global scheme of security issues, is NTP security a major issue?
The biggest problem is that you pretty much have to spoof a server that the client is already configured to be accepting NTP packets from. And *then* you have to remember that your packets can only lie about the time by a very small number of milliseconds or they get tossed out by the NTP packet filter that measures the apparent jitter. Remember, the *real* clock is also sending correct updates. At *best*, you lie like hell, and get the clock thrown out as an "insane" timesource. But at that point, a properly configured clock will go on autopilot till a quorum of sane clocks reappears, so you don't have much chance of wedging in a huge time slew (unless you *really* hit the jackpot, and the client reboots and does an ntpdate and you manage to cram in enough false packets to mis-set the clock then).
So in most cases, you can only push the clock around by milliseconds - and that doesn't buy you very much room for a replay attack or similar, because that's under the retransmit timeout for a lost packet. It isn't like you can get away with replaying something from 5 minutes ago.
Now, if you wanted to be *dastardly*, you'd figure out where a site's Stratum-1 server(s) have their GPS antennas, and you'd read the recent research on spoofing GPS signals - at *that* point you'd have a good chance of controlling the horizontal and vertical....
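The "insane timesource" and "quorum of sane clocks" behaviour described above is the RFC 5905 clock selection (the Marzullo-style intersection algorithm). The following is an added example written for this page, not ntpd code and not part of the original thread; it is a simplified version of that algorithm run over constructed peer samples. It shows the two outcomes Valdis describes: a source whose error interval does not overlap the majority is discarded as a falseticker and contributes nothing, while a source that lies by only a few milliseconds stays inside the others' jitter and moves the combined estimate by roughly a millisecond. Peer names, offsets and root distances are all constructed.

```python
"""Simplified NTP clock selection (RFC 5905 intersection algorithm plus a
root-distance-weighted combine).  Added example, not ntpd code; all peer
samples below are constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Peer:
    name: str
    offset: float         # measured clock offset in seconds
    root_distance: float  # error bound (root delay / 2 + dispersion), seconds

    @property
    def interval(self) -> Tuple[float, float]:
        """Correctness interval: the true offset is assumed to lie inside it."""
        return (self.offset - self.root_distance, self.offset + self.root_distance)


def intersection(peers: List[Peer]) -> Tuple[List[Peer], List[Peer]]:
    """Return (truechimers, falsetickers).

    Finds the smallest interval [low, high] contained in the intervals of at
    least n - allow peers, raising 'allow' (tolerated liars) only while it
    stays below a majority.  Peers whose interval misses [low, high] are
    falsetickers; if no majority agrees, nobody survives and the client
    free-runs instead of applying any correction."""
    n = len(peers)
    edges = []
    for p in peers:
        lo, hi = p.interval
        edges += [(lo, -1), (p.offset, 0), (hi, +1)]
    edges.sort()
    for allow in range(0, (n + 1) // 2):      # equivalent to 2 * allow < n
        low = high = None
        chime = 0
        for edge, kind in edges:              # sweep upward across low edges
            chime -= kind
            if chime >= n - allow:
                low = edge
                break
        chime = 0
        for edge, kind in reversed(edges):    # sweep downward across high edges
            chime += kind
            if chime >= n - allow:
                high = edge
                break
        if low is None or high is None or low >= high:
            continue
        # Midpoints outside the candidate interval count as liars.
        outside = sum(1 for e, k in edges if k == 0 and (e < low or e > high))
        if outside > allow:
            continue
        true = [p for p in peers if p.interval[0] <= high and p.interval[1] >= low]
        false = [p for p in peers if p not in true]
        return true, false
    return [], list(peers)


def combine(truechimers: List[Peer]) -> float:
    """Weighted mean of surviving offsets, weight 1 / root distance."""
    if not truechimers:
        return 0.0
    weights = [1.0 / p.root_distance for p in truechimers]
    return sum(w * p.offset for w, p in zip(weights, truechimers)) / sum(weights)


def select(peers: List[Peer]) -> Tuple[float, List[str]]:
    """Correction the client would apply and the names it rejected."""
    true, false = intersection(peers)
    return combine(true), [p.name for p in false]


# Constructed: three honest peers agreeing to within a few milliseconds.
HONEST = [
    Peer("a", 0.0012, 0.005),
    Peer("b", -0.0008, 0.004),
    Peer("c", 0.0020, 0.006),
]

if __name__ == "__main__":
    # A source claiming the clock is 30 s off never overlaps the others.
    print(select(HONEST + [Peer("bogus", 30.0, 0.003)]))
    # A source lying by 4 ms survives but only nudges the result by ~1 ms.
    print(select(HONEST + [Peer("bogus", 0.004, 0.003)]))
```

With the honest peers alone the combined correction is about 0.6 ms. Adding a source that is 30 seconds off leaves that value unchanged and lists the source as a falseticker; adding one that is only 4 ms off shifts the result to about 1.8 ms, which is the "milliseconds of room" the message above is talking about.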