Harlan Stenn writes:
> Sharon Goldberg writes:
> > Well, if you really want to learn about the NTP servers a target is using
> > you can always just send them a regular NTP timing query (mode 3) and just
> > read off the IP address in the reference ID field of the response (mode 4).
>
> Unless
Sharon Goldberg writes:
> Well, if you really want to learn about the NTP servers a target is using
> you can always just send them a regular NTP timing query (mode 3) and just
> read off the IP address in the reference ID field of the response (mode 4).
Unless the server is an IPv6 server. This
On Wed, 11 May 2016 17:23:31 -0700, Eric Kuhnke said:
> average of $150/mo x 500 = $75,000
I'd worry more about the fact that somebody is willing to spend $75K/mo to
attack me than the fact that it might be possible to wiggle my time base a bit.
At that point, you *really* have to worry about
Wed, May 11, 2016 at 05:20:28PM -0700, Scott Weeks wrote:
> --- m...@beckman.org wrote:
>> From: Mel Beckman
>>
>> Accurate time to the millisecond is pretty much
>> essential for any network troubleshooting. Say
>> you want to diagnose a SIP problem. You collect
>>
maybe try with an odroid?
On May 11, 2016 8:45 PM, "Jon Meek" wrote:
> A note on using a Raspberry Pi as a NTP server. In my limited home lab
> testing the RPi server had enough instability that Internet time sources
> were always preferred by my workstation after ntpd had been
A note on using a Raspberry Pi as a NTP server. In my limited home lab
testing the RPi server had enough instability that Internet time sources
were always preferred by my workstation after ntpd had been running for a
while. Presumably this was due to the RPi's clock frequency drifting. At
some
With the caveat that if some of the servers are inside your own private
network then learning who the servers are might be less useful.
But this could be an issue for targets who use servers that are exclusively
on the public internet.
On Wed, May 11, 2016 at 3:15 PM, Sharon Goldberg
Well, if you really want to learn about the NTP servers a target is using
you can always just send them a regular NTP timing query (mode 3) and just
read off the IP address in the reference ID field of the response (mode 4).
Reference ID reveals the target that the client is sync'd to.
If you
> On May 11, 2016, at 5:42 PM, Scott Weeks wrote:
>
> Wouldn't the buffers empty in a FIFO manner?
They will empty in whatever order the implementation decides to write them.
But what's more important is the order in which the incoming packets are
presented to the
Yo Scott!
On Wed, 11 May 2016 17:42:34 -0700
"Scott Weeks" wrote:
> > If all logs are sent to a unix server that does
> > syslogd the log entries would go into the file
> > in order no matter what timestamp is on them.
>
> syslogd can have quite large buffers.
>
--- g...@rellim.com wrote:
From: "Gary E. Miller"
Yo Scott!
On Wed, 11 May 2016 17:20:28 -0700
"Scott Weeks" wrote:
> If all logs are sent to a unix server that does
> syslogd the log entries would go into the file
> in order no matter what
Yo Scott!
On Wed, 11 May 2016 17:20:28 -0700
"Scott Weeks" wrote:
> If all logs are sent to a unix server that does
> syslogd the log entries would go into the file
> in order no matter what timestamp is on them.
syslogd can have quite large buffers.
RGDS
GARY
Compared to the scale of the budget of small research projects run by
national intelligence agency sized organizations, you wouldn't have to be
very well funded to run a sizeable proportion of all tor exit nodes with
some degree of plausible deniability...
500 credit cards
500 unique billing
--- m...@beckman.org wrote:
From: Mel Beckman
Accurate time to the millisecond is pretty much
essential for any network troubleshooting. Say
you want to diagnose a SIP problem. You collect
transaction logs from both phones, the VoIP
gateway, and the PBX. Now you try to
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
> * Chris Adams:
>
> > First, out of the box, if you use the public pool servers (default
> > config), you'll typically get 4 random (more or less) servers from the
> > pool. There are a bunch, so Joe Random Hacker isn't going to have a
> >
Cellular carriers also use GPS timing for many reasons that are not readily
apparent at the layer 3 router/IP/BGP network level. One big need is RF
related, back-to-back sector antenna frequency re-use with GPS synced
timing on the remote radio heads, such as an ABAB configuration on a tower
or
On Tue, 10 May 2016, james machado wrote:
First I am thrilled to see older Nanog meetings making it to youtube.
Having said that can the people putting up the files put the Nanog
meeting number in the title of the videos to make it easier to search
and determine relevance?
+1 from me. I also
No, many cell carriers run their own completely independent timing networks. I
support some head-ends where they have rubidium clocks and a T1-delivered time
source. They do reference GPS, and many cell sites have GPS as a backup clock
(you can see their conical antennas on the very top of the
* Chris Adams:
> First, out of the box, if you use the public pool servers (default
> config), you'll typically get 4 random (more or less) servers from the
> pool. There are a bunch, so Joe Random Hacker isn't going to have a
> high chance of guessing the servers your system is using.
A
On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel wrote:
AFAIK being able to do a lawful intercept on a specific, named,
individual's service has been a requirement for providers since 2007.
It's been required for longer than that. The telco I worked for over a
decade ago
On 05/11/2016 07:46 AM, Baldur Norddahl wrote:
But would you not need to actually spend three times $300 to get a
good redundant solution?
While we are there, why not go all the way and get a rubidium standard
with GPS sync? Anyone know of a (relatively) cheap solution with NTP
output?
On 05/11/2016 12:05 AM, Joe Klein wrote:
Is this group aware of the incident with tock.usno.navy.mil &
tick.usno.navy.mil on November 19, 2012 2107 UTC, when the systems lost 12
years for the period of one hour, then returned?
...
I remember it like it was only four years ago oh, wait
On Wed, 11 May 2016 15:36:34 -, "Jay R. Ashworth" said:
> CDMA and GSM are false diversity: both network types nodes *get their time*
> from GPS, so far as I know.
I'll make the fairly reasonable assumption that most readers of this list have
networks that span multiple buildings.
If
On Wed, May 11, 2016 at 03:24:43PM +, Jay R. Ashworth wrote:
> We're all aware this project is underway, right?
>
> https://www.ntpsec.org/
Despite the name, I'm not aware of any significant protocol
changes. It's just a recent fork of the reference implementation
minus the
- Original Message -
> From: "Mel Beckman"
> Read deeper into the thread and you'll find where I sourced inexpensive
> RF-based NTP servers using CDMA, GSM, and even WWV. All radically different
> technologies that are unlikely to have common failure modes. But
- Original Message -
> From: "Jared Mauch"
>> Yes, and properly monitor your ntpd instances.
>
> And upgrade them.
>
> Some software distributors don’t ship modern software. If you
> are using a distribution packaged ntpd it’s likely old and
> difficult to
On 5/10/16 21:05, Joe Klein wrote:
Is this group aware of the incident with tock.usno.navy.mil &
tick.usno.navy.mil on November 19, 2012 2107 UTC, when the systems lost 12
years for the period of one hour, then returned?
The reasons were not fully explained, but the impact was global. Routers,
-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Leo Bicknell
>Sent: Wednesday, May 11, 2016 9:31 AM
>To: nanog@nanog.org
>Subject: Re: NIST NTP servers
>Personally, my network gets NTP from 14 stratum 1 sources right now.
>You, and the hacker, do not know
GPS + a cesium or rubidium frequency standard is all you need.
Too expensive? Then time isn't important to your organization.
In a message written on Wed, May 11, 2016 at 09:00:54AM -0500, Josh Reynolds
wrote:
> I hope your receivers aren't all from a single source.
I have 4 each ACTS, GPS, and CDMA in my list, augmented with a pair
of PTP. Amazingly right now all but 3 are within 2 microseconds of
each other, and
In a message written on Tue, May 10, 2016 at 03:00:59PM -0500, Josh Reynolds
wrote:
> This is a large list that includes many Tier 1 network operators,
> government agencies, and Fortune 500 network operators.
>
> The silence should be telling.
NANOG has a strong self-selection for people who
Josh,
Read deeper into the thread and you'll find where I sourced inexpensive
RF-based NTP servers using CDMA, GSM, and even WWV. All radically different
technologies that are unlikely to have common failure modes. But yes, buying
different brands can't hurt either.
-mel beckman
> On May
Andreas,
Most data centers will require a remotely positioned NTP server, which is
actually easier and cheaper than a remotely located active GPS antenna. I have
placed the $300 commercial NTP servers in an environmental box on the roof,
powering it by PoE, without problems.
You don't need a
AFAIK being able to do a lawful intercept on a specific, named,
individual's service has been a requirement for providers since 2007. I
have never heard of a provider, big or small, being called out for being
unable to provide this service when requested. I would be surprised if a
national
I hope your receivers aren't all from a single source.
I was in Iraq when this (
http://dailycaller.com/2010/06/01/glitch-shows-how-much-us-military-relies-on-gps/
) happened, which meant I had no GPS guided indirect fire assets for 2
weeks.
On Wed, May 11, 2016 at 8:31 AM, Leo Bicknell
Hi,
> Boss: That sounds expensive. How much are we talking?
> IT guy: $300
Beware!
Over the past year we made engineering samples to deploy to datacenters.
The goal was to use GPS and PPS to discipline ntpd appliances and serve
as stratum 1 to other NTP distribution servers without the $5k
This is outside plant related. Ignore if all you do is configure routers
(not that there is anything wrong with that.)
I would be interested in any network provider's experiences with third
party single pole administrator regulatory regimes, such as Connecticut's.
Please respond privately and I
On 5/10/2016 at 10:30 AM, "Chuck Church" wrote:
>
>It doesn't really. Granted there are a lot of CVEs coming out for NTP the
>last year or so. But I just don't think there are that many attacks on it.
>It's just not worth the effort. Changing time on devices is
_Everything_ has vulnerabilities and using _any_ external source opens your
network and infrastructure to disruptions. NTP has been used for DDoS
amplification attacks recently, but so has DNS and other well known/heavily
used protocols.
With the right protections, syncing with an external NTP
Can somebody contact me offline from VirginMedia UK regarding a BGP
advertisement for 192.34.50.0/24 originating from AS1849 please
Thanks
Simon
In a message written on Tue, May 10, 2016 at 08:23:04PM +, Mel Beckman
wrote:
> All because of misplaced trust in a tiny UDP packet that can worm its way
> into your network from anywhere on the Internet.
>
> I say you’re crazy if you don’t run a GPS-based NTP server, especially given
>
Tue, May 10, 2016 at 04:59:02PM +0200, Stephane Bortzmeyer wrote:
> On Tue, May 10, 2016 at 10:52:28AM -0400,
> valdis.kletni...@vt.edu wrote
> a message of 37 lines which said:
>
> > Note that they *do* have motivation to keep it working, simply
> > because so much
But would you not need to actually spend three times $300 to get a good
redundant solution?
While we are there, why not go all the way and get a rubidium standard
with GPS sync? Anyone know of a (relatively) cheap solution with NTP output?
https://en.wikipedia.org/wiki/Rubidium_standard
Building a S1 system with RaspberryPis would not fly in most of the
corporate/enterprise environments I've worked in (random 'appliances',
non-uniformity, and lack of support are all glaring issues).
Get a PCIe card with a BNC connector and dual power supplies for life in a
data center.
For
What about something like this?
http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html
Has anyone used a Pi to create their own server?
On Wed, May 11, 2016 at 3:24 AM, Mel Beckman wrote:
> Regarding Roland’s reference to time and position spoofing via a hacked
> GPS signal, the
Regarding Roland’s reference to time and position spoofing via a hacked GPS
signal, the hacker has to get physical line of sight to the victim’s antenna in
order to succeed with this attack. That’s likely within a few blocks, if not
within a few feet. And a rooftop antenna might require a drone