[Cialug] Interesting NTP article in ACM TechNews

Nicolai nicolai-cialug at chocolatine.org
Sat Oct 24 19:05:38 CDT 2015


On Fri, Oct 23, 2015 at 11:12:10AM -0500, Andrew Denner wrote:
> Since we were just talking about NTP, I thought this was good timing from
> the ACM...
> 
> *Researchers Warn Computer Clocks Can Be Easily Scrambled*
> *IDG News Service (10/21/15) Jeremy Kirk*

OpenBSD has had a partial fix in OpenNTPD for this problem since
February:

 "ntpd(8) can be configured to query the `Date' from trusted
  HTTPS servers via TLS.  This time information is not used for
  precision but acts as an authenticated constraint, thereby
  reducing the impact of unauthenticated NTP `Man-In-The-Middle'
  attacks.  Received NTP packets with time information falling
  outside of a range near the constraint will be discarded and
  such NTP servers will be marked as invalid."

http://marc.info/?l=openbsd-tech&m=142356166731390&w=2

Example config:

listen on 127.0.0.1
servers pool.ntp.org
constraints from "https://www.google.com/"
constraints from www.twitter.com


OpenNTPD-portable is available for Linux and other systems as well:

http://www.openntpd.org

Nicolai
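
The constraint check described in the quoted commit message, as an added example that is not part of the original post and is not OpenNTPD's code. The 120-second margin, the use of a median over the Date headers, the .example server names and all sample values are assumptions constructed for illustration.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime
from statistics import median

MARGIN_S = 120.0  # assumed tolerance around the constraint, not OpenNTPD's value


def constraint_from_dates(date_headers, mono_now):
    """Build (epoch, mono) from HTTPS Date headers read at monotonic time mono_now."""
    stamps = []
    for header in date_headers:
        try:
            dt = parsedate_to_datetime(header)
        except (TypeError, ValueError):
            continue  # unparsable header contributes nothing
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)
        stamps.append(dt.timestamp())
    if not stamps:
        raise ValueError("no usable constraint; cannot validate NTP replies")
    return median(stamps), mono_now


def filter_replies(constraint, replies, margin=MARGIN_S):
    """Split NTP replies into accepted times and servers to mark invalid."""
    epoch, mono_at = constraint
    accepted, invalid = [], set()
    for server, claimed_unix, mono_rx in replies:
        expected = epoch + (mono_rx - mono_at)  # age the constraint forward
        if abs(claimed_unix - expected) > margin:
            invalid.add(server)  # unauthenticated time contradicts TLS-derived time
        else:
            accepted.append((server, claimed_unix))
    # A server marked invalid loses any earlier reply that had been accepted.
    accepted = [(s, t) for s, t in accepted if s not in invalid]
    return accepted, invalid


# Constructed sample data: two good Date headers, one corrupt.
DATES = ["Sat, 24 Oct 2015 19:05:38 GMT", "Sat, 24 Oct 2015 19:05:40 GMT", "n/a"]
CONSTRAINT = constraint_from_dates(DATES, mono_now=100.0)
BASE = CONSTRAINT[0]
REPLIES = [  # (server, claimed Unix time, monotonic receive time), all constructed
    ("ntp-a.example", BASE + 30.2, 130.0),              # agrees with constraint
    ("ntp-b.example", BASE + 30.0 - 31536000, 130.0),   # a year in the past
    ("ntp-c.example", BASE + 30.0 + 119.0, 130.0),      # just inside the margin
]

if __name__ == "__main__":
    ok, bad = filter_replies(CONSTRAINT, REPLIES)
    print("accepted:", ok)
    print("marked invalid:", sorted(bad))
```

The HTTPS time only bounds what is accepted; the clock is still set from the NTP replies that pass the check.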

