Since we are on the subject, I would strongly recommend that you don't run NTP on Linux 2.2.13, since its especially vulnerable to our IPv4 fragmentation attack. "SunOS" also seems vulnerable, but I am not 100% sure what systems that say they are "SunOS" actually are. These OS will fragment packets to 64 bytes, and are vulnerable to frag attacks using "tiny" fragments. See Section VI of our paper: https://eprint.iacr.org/2015/1020.pdf You can also test your OS here (scroll to the bottom). http://www.cs.bu.edu/~goldbe/NTPattack.html On Fri, May 13, 2016 at 10:46 AM, Chuck Anderson <cra@wpi.edu> wrote:
On Fri, May 13, 2016 at 10:12:49AM -0400, Lamar Owen wrote:
On 05/11/2016 09:46 PM, Josh Reynolds wrote:
maybe try [setting up an NTP server] with an odroid?
...
I have several ODroid C2's, and the first thing to note about them is that there is no RTC at all. Also, the oscillator is just a garden-variety non-temperature-compensated quartz crystal, and not necessarily a very precise one, either (precise quartz oscillators can cost more than the whole ODroid board costs). The XU4 and other ODroid devices make nice single-board ARM computers, but have pretty ratty oscillator precision.
You really have to have at least a temperature compensated quartz crystal oscillator (TCXO) to even begin to think about an NTP server, for anything but the most rudimentary of timing. Ovenized quartz oscillators (OCXO) and rubidium standards are the next step up, and most reasonably good GPS-disciplined clocks have at least an ovenized quartz oscillator module (the Agilent Z3816 and kin are of this type).
Does anyone know of any COTS NTP servers that are based on non-ancient Linux kernel versions? In 2012 we bought new GPS/CDMA NTP servers with OCXO that are based on Linux 2.4, but they are fiddly as you can imagine with such an ancient software stack.
What would people recommend for NTP server hardware/software?
-- Sharon Goldberg Computer Science, Boston University http://www.cs.bu.edu/~goldbe