"Danny Mayer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> [EMAIL PROTECTED] wrote:
[...]
>> I actually got burned by this. I had someone set up a fake
>> stratum 1 server with a "peer" statement in their configuration
>> and fed me bad time. I specify it anyway just to be safe.
>
> A proper configuration with 4-5 servers would have kicked this out
> as an outlier. You should never use just one server otherwise you
> get what you configure,
Then the attacker would have needed to mobilise 4 or 5 peer associations. Just have the same server connect through several different IP addresses; they'll probably form a very nice-looking cluster.

Making your associations traceable from outside is good NTP practice although questionable security practice. Explicitly enabling any protection that is on by default (in the current version) is certainly good security practice.

Out of curiosity, ISTR that NTP will not 'use' more than ten servers - what would happen if there were seven real servers and seven more were peered in by the attacker? Would the first ten go into the selection algorithm, or would fourteen go in and a ranking of ten come out?

(Note to Googlers: this is _not_ the right way to defend against this mode of attack. Enable authentication instead.)

Groetjes,
Maarten Wiltink

_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
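The point the two posters are circling, that the selection algorithm only ever protects you against a minority of falsetickers, can be checked with a small model. The following is an added example, not code from the thread or from the NTP project: a simplified Python rendering of the intersection (Marzullo) algorithm described in RFC 5905 section 11.2.1, run over constructed offsets. The association names, the offsets and the 10 ms root distances are invented for the illustration, and the model leaves out ntpd's clustering step and its cap on the number of candidates, so it does not answer the "ten servers" question above. What it does show is that one wrong server is discarded once four honest ones outnumber it, and that several associations agreeing on the same wrong time outvote the honest ones just as easily, which is why the control that matters is authenticated, independently reached sources rather than the count of entries in ntp.conf.

```python
"""Simplified NTP intersection algorithm (after RFC 5905 section 11.2.1).

Each association i contributes a correctness interval
[offset_i - distance_i, offset_i + distance_i]. The algorithm looks for the
smallest interval shared by at least n - allow candidates, tolerating at most
allow < n/2 falsetickers. Candidates whose midpoint lies in that interval are
truechimers; the rest are falsetickers. Clustering and ntpd's candidate cap
are deliberately not modelled.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Candidate:
    name: str        # label only; constructed for the example, not a real host
    offset: float    # measured clock offset theta, seconds
    distance: float  # root distance lambda, seconds (half-width of interval)

    @property
    def low(self) -> float:
        return self.offset - self.distance

    @property
    def high(self) -> float:
        return self.offset + self.distance


def intersection(cands: List[Candidate]) -> Tuple[List[Candidate], List[Candidate]]:
    """Return (truechimers, falsetickers) for the given associations."""
    n = len(cands)
    if n == 0:
        return [], []
    # Endpoint list: type -1 = low edge, 0 = midpoint, +1 = high edge.
    edges = []
    for c in cands:
        edges.extend([(c.low, -1), (c.offset, 0), (c.high, +1)])
    edges.sort()

    allow = 0
    while 2 * allow < n:  # never tolerate half or more as falsetickers
        low: Optional[float] = None
        high: Optional[float] = None
        found = 0         # midpoints met before the interval closed
        chime = 0
        for value, typ in edges:            # scan upward for the lower endpoint
            chime -= typ                    # low edges open an interval
            if chime >= n - allow:
                low = value
                break
            if typ == 0:
                found += 1
        chime = 0
        for value, typ in reversed(edges):  # scan downward for the upper endpoint
            chime += typ                    # high edges open an interval
            if chime >= n - allow:
                high = value
                break
            if typ == 0:
                found += 1
        if low is not None and high is not None and low <= high and found <= allow:
            break
        allow += 1
    else:
        return [], list(cands)  # no majority agreement at all

    truechimers = [c for c in cands if low <= c.offset <= high]
    falsetickers = [c for c in cands if not (low <= c.offset <= high)]
    return truechimers, falsetickers


def scenario(honest: int, fake: int, fake_offset: float = 30.0) -> Tuple[List[str], List[str]]:
    """Constructed data: `honest` servers within a few ms of true time and
    `fake` associations all reporting roughly fake_offset seconds of error,
    as one host reached through several addresses would."""
    cands = [Candidate(f"good{i}", i * 0.001 - 0.002, 0.010) for i in range(honest)]
    cands += [Candidate(f"bad{i}", fake_offset + i * 0.0005, 0.010) for i in range(fake)]
    good, bad = intersection(cands)
    return sorted(c.name for c in good), sorted(c.name for c in bad)


if __name__ == "__main__":
    for h, f in [(0, 1), (4, 1), (4, 5)]:
        t, fs = scenario(h, f)
        print(f"{h} honest, {f} fake -> truechimers {t}, falsetickers {fs}")
```

Running the block prints three cases: a single configured server is always a truechimer whatever time it serves, one falseticker among four honest servers is rejected, and five agreeing falsetickers against four honest servers become the accepted majority.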
