[time-nuts] NTP as vector for DDOS attacks?
http://arstechnica.com/security/2014/01/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol/ Interesting.. throw requests at an NTP server that look as if they come from the target, prompting large responses to the victim, presumably to overload it. The article talks about how the victim site can easily filter out the messages from the NTP server, but does not seem to discuss the societal impact of potentially screwing up a public service (the NTP server) ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] WAAS.....
Robert, Thought as much but hadn't researched it. The next time it goes into annual, I'll see if I can get them to install the filter on the KY197. I haven't tried tuning the #2 Nav/Com, a KX165, to see if the same problem arises there as well. Perhaps the KX165 has a better behaved LO. As I said, just installing the 'remote' antenna on the GPSMAP 396, which brings a much stronger GPS signal, solves the problem as well. Thanks again. Joe -Original Message- From: time-nuts-boun...@febo.com [mailto:time-nuts-boun...@febo.com] On Behalf Of Robert Atkinson Sent: Friday, January 10, 2014 1:49 AM To: Discussion of precise time and frequency measurement Subject: Re: [time-nuts] WAAS. Hi, This is a known problem. It's leakage form the local oscillator (LO) of the Ky197. The KYa97 has a 10.7 MHz IF and high side local oscillator. So the LO is 119.9 + 10.7 = 130.6MHz. 12th harmonic is in the GPS bandwith. Cure is a notch filer on the KY197 antenna connector. examples are a TED 4-70-54 http://www.edmo.com/index.php?module=productsfunc=displayprod_id=18006 or Telegartner J01006A0017 or make your own with a BNC T and a bit of rigid coax (Experimental or permit Acft only :-). Other radios including VHF Nav have similar issues. Robert G8RPI (CEng MRAeS) From: J. L. Trantham jlt...@att.net To: 'Discussion of precise time and frequency measurement' time-nuts@febo.com Sent: Friday, 10 January 2014, 1:53 Subject: Re: [time-nuts] WAAS. I have had loss of GPS position on a 'hand-held' unit (Garmin GPSMAP 396) when flying into PNS. When I switch to tower frequency (119.9 MHz) the unit loses its position. I think it is related to some 'spur' related to the #1 Nav/Com (King KY197) being tuned to that frequency. If I replace the unit's GPS antenna with the 'remote' antenna, secured to the windshield, all the problems go away. I think it is a 'spur' of the appropriate magnitude when the 'portable' antenna is still installed. Joe -Original Message- From: time-nuts-boun...@febo.com [mailto:time-nuts-boun...@febo.com] On Behalf Of Brian Lloyd Sent: Thursday, January 09, 2014 8:47 AM To: Discussion of precise time and frequency measurement Subject: Re: [time-nuts] WAAS. On 1/9/14 12:20 AM, Joe Leikhim wrote: GPS jamming, intentional or not is pretty serious, and the FCC takes this seriously, but unless you have some pretty hard evidence they may not find it. In my case my most interesting outage was when I lost all GPS while over the Atlantic ocean between Haiti and the island of Great Inagua in the Bahamas. It is a bit difficult to stop and look around while flying at 8,500'. I took it for a general GPS outage but now I suspect jamming. When I was living on my boat in the Virgin Islands (I built a WiFi-based WISP for marinas and anchorages in the USVI) the US Customs interdiction boat was only about 4 slips away from me. I often talked with the agents either going out or coming back from a run. (You do NOT want to screw with these guys! They are armed to the teeth!) I now realize that they would jam GPS so that the druggies couldn't get their drops right. (They also admitted that, most of the time, they couldn't find the drug runners' boats anyway and figured they got less than 5% of what they were after. So much for the War on Drugs.) The US Coast Guard had (has?) a base on Great Inagua. They run a fleet of helicopters out of there for __ (redacted - read between the lines). I got a kick how, when they were coming and going, they would announce their movements to other aircraft using a civil ID rather than their military flight ID. At this point I suspect I may have been shadowed and my GPS jammed. Thank god my airplane still had an LF/MF automatic direction finder (ADF) aboard. I was able to fall back to navigating using the non-directional LF beacon on Great Inagua. After refueling at Great Inagua I continued on sans GPS for nearly 100mi when POOF GPS suddenly came back on. I wonder what the FCC does if it discovers it is another governmental agency that is doing the jamming? ;-) I must admit, I like the idea of multi-system sensors that will track GPS, GLONASS, and (hopefully) Galileo and the Chinese satellite-based navigation system that is going up. For that matter, is anyone running one of the new multi-system receivers? I notice that Garmin is selling them as a matter of course now. The prevalence of jamming might be the reason why. -- Brian Lloyd, WB6RQN/J79BPL 706 Flightline Drive Spring Branch, TX 78070 USA br...@lloyd.com +1.916.877.5067 ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to
Re: [time-nuts] OT - Old Hatfield 2105 Step attenuator specs
On 1/8/2014 11:13 PM, Alan Melia wrote: /Hi Alberto it is quite interesting to continue that test with no attenuator but the shells of the coax plugs connected together. I would guess with the gear you have the resultant would be at least 120dB downbut this is not the case for all signal generators!/ Hi Alan, quite true. I performed the test you suggested, using as generator a RohdeSchwarz SMDU that has a calibrated output down to -140 dBm, so it must be well shielded... I used 10 MHz as frequency, and, given that the settings of this forum do not allow HTML (why ?) these are the links to the screen captures stored on my Dropbox account. As selective voltmeter I used the ELAD FDM-S1 receiver together with, guess what... Winrad :-) This is what I see with the Hatfield attenuator set to its maximum, i.e. 100 dB : https://dl.dropboxusercontent.com/u/15089947/hatfield-100dB.gif Setting it to 0 dB gives this result : https://dl.dropboxusercontent.com/u/15089947/hatfield0dB.gif So you can see that the difference between the two measures is just 88 dB, not the theoretical 100... And it is almost all to be attributed to internal leakage of the attenuator, because, excluding the attenuator, and just connecting together the two BNC shells, leaving the center pin unconnected, gives this : https://dl.dropboxusercontent.com/u/15089947/hatfield-shells.gif So the Hatfield attenuator IMHO can be fruitfully used only if you do not pretend from it the utmost precision at high attenuation settings. 73 Alberto I2PHD ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] WAAS.....
On Fri, Jan 10, 2014 at 3:32 AM, Joe Leikhim jleik...@leikhim.com wrote: Once at St John USVI, I spotted a huge luxury motor yacht anchored with 18 to 20 VHF or UHF fiberglass whip antennas attached top side. Never could figure why they needed so many. A Time-Nut's boat? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
[time-nuts] Phase Noise at 5-10Mhz
I was wondering what kind of Phase Noise performance benchmarks Time Nuts have achieved in their labs. I have been rebuilding my Time and Freq test system for the last few years and at times it has been humbling to say the least. I am finally seeing light at the end of the tunnel and seem to have gotten the systemic noise down to where I can really start comparing the individual oscillators I have come across over the years. My approach was to place everything in several Agilent equipment racks and I have even questioned the wisdom of that more then once as I have struggled to set up a state of the art system. My system can be Phase locked, and the various quartz oscillators can be configured in series and parallel so each element of the system can be compare. I know the simplest approach is a Phase Noise test set a Ref and DUT oscillators some batteries loose on a bench with some filters and devices to break ground loops. So what real word combined uncertainty number have you been able to achieve at 5-10MHz at an offset of 1Hz 10Hz and noise floor. I struggled at several points originally with systemic noise due to ground loops from all the LAN, USB, and coaxial cables interconnecting the system elements and soaking between reference signals due to sheilding issues from normal RG/58 cables and the verious Cesium, GPS, and Quartz standards. Slowly the system has improved from a shaky start for 5MHz at around -105db @ 1Hz toward my compromised goal of 5Mhz at -120dB @ 1Hz. I am hoping find ideas on how to surpass -120db @ 1Hz. I have heard some impressive number from some of the distiguished members and it would be interesting to how those numbers were achieved, and what was used as a reference and measurement system. Thanks and Happy New Years. Thomas Knox ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] NTP as vector for DDOS attacks?
It's not a big deal. Even if one pool NTP server is down, there are literally hundreds others and most NTP users are configured to look at between three and five. Not only that if they POOL servers are randomly assigned so if one of your NTP servers is taken down, next time it is unlikely you'd get hooked up to the same pool server Basically taking down an NTP server is just like a kid at school covering over a clock so no one will know what time it is The easy solution is that everyone will just look at a different clock. I actually doubt you could take down a public NTP server unless you used a distributed attack with thousands of PCs all sending packets. On Fri, Jan 10, 2014 at 4:32 AM, Jim Lux jim...@earthlink.net wrote: http://arstechnica.com/security/2014/01/dos-attacks- that-took-down-big-game-sites-abused-webs-time-synch-protocol/ Interesting.. throw requests at an NTP server that look as if they come from the target, prompting large responses to the victim, presumably to overload it. The article talks about how the victim site can easily filter out the messages from the NTP server, but does not seem to discuss the societal impact of potentially screwing up a public service (the NTP server) ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/ mailman/listinfo/time-nuts and follow the instructions there. -- Chris Albertson Redondo Beach, California ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] NTP as vector for DDOS attacks?
On Fri, Jan 10, 2014 at 2:52 PM, Chris Albertson albertson.ch...@gmail.comwrote: It's not a big deal. Even if one pool NTP server is down On Fri, Jan 10, 2014 at 4:32 AM, Jim Lux jim...@earthlink.net wrote: The article talks about how the victim site can easily filter out the messages from the NTP server, but does not seem to discuss the societal impact of potentially screwing up a public service (the NTP server) It's an amplification attack. It's about taking down citi.com or whitehouse.gov -- not taking down pool.ntp.org (or any part of it). ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] NTP as vector for DDOS attacks?
On 1/10/14 1:06 PM, Paul wrote: On Fri, Jan 10, 2014 at 2:52 PM, Chris Albertson albertson.ch...@gmail.comwrote: It's not a big deal. Even if one pool NTP server is down On Fri, Jan 10, 2014 at 4:32 AM, Jim Lux jim...@earthlink.net wrote: The article talks about how the victim site can easily filter out the messages from the NTP server, but does not seem to discuss the societal impact of potentially screwing up a public service (the NTP server) It's an amplification attack. It's about taking down citi.com or whitehouse.gov -- not taking down pool.ntp.org (or any part of it). Yes.. but how long before someone thinks of putting the amplifier after a botnet, rather than driving it directly. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] NTP as vector for DDOS attacks?
This amplification attack vector is really easy to stop. The procedure is documented in the CERT advisory, which was released with almost no forewarning to me or my team. While we knew about it and drafted the mitigation information and tweaked other portions of the announcement, we were expecting a bit more time to prepare information for the NTP and NTF websites. If there are vulnerable systems out there that cannot be configured to behave well, then the vendors of those systems will receive a wakeup call and get a fair amount of bad press. A silver lining is that this situation may induce folks to donate to NTF, join NTF's NTP Consortium, and/or become inaugural members of NTF's Certification and Compliance Program, which will make sure that default configurations don't have these or similar problems. It's great to talk about all of these things. I submit it's even better for people and institutions who care about network time to financially support Network Time Foundation. -- Harlan Stenn st...@ntp.org http://networktimefoundation.org - be a member! ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
Re: [time-nuts] Trimble Studio, what is it?
Trimble Studio works under wine (under linux). This is the newest version from the Trimble website v2.02.6 dated 10/25/2013 It's not prefect, some menu items will break it. But choosing your com port as a new Connection and GPS will show the Trimble Thunderbolt status. As far as I can tell, there seems to be better logging abilities than the older software. On Sun, Jan 5, 2014 at 5:58 AM, Chris Wilson ch...@chriswilson.tv wrote: 05/01/2014 10:57 I see occasional references to Trimble Studio here. What is it please? An alternative to Lady Heather for Thunderbolts, or have I missed the plot entirely? Thanks. -- Best Regards, Chris Wilson. mailto: ch...@chriswilson.tv ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there. ___ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.