Re: NIST NTP servers

2016-05-11 Thread Harlan Stenn
Harlan Stenn writes: > Sharon Goldberg writes: > > Well, if you really want to learn about the NTP servers a target is using > > you can always just send them a regular NTP timing query (mode 3) and just > > read off the IP address in the reference ID field of the response (mode 4). > > Unless

Re: NIST NTP servers

2016-05-11 Thread Harlan Stenn
Sharon Goldberg writes: > Well, if you really want to learn about the NTP servers a target is using > you can always just send them a regular NTP timing query (mode 3) and just > read off the IP address in the reference ID field of the response (mode 4). Unless the server is an IPv6 server. This

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 17:23:31 -0700, Eric Kuhnke said: > average of $150/mo x 500 = $75,000 I'd worry more about the fact that somebody is willing to spend $75K/mo to attack me than the fact that it might be possible to wiggle my time base a bit. At that point, you *really* have to worry about

Re: NIST NTP servers

2016-05-11 Thread Eygene Ryabinkin
Wed, May 11, 2016 at 05:20:28PM -0700, Scott Weeks wrote: > --- m...@beckman.org wrote: >> From: Mel Beckman >> >> Accurate time to the millisecond is pretty much >> essential for any network troubleshooting. Say >> you want to diagnose a SIP problem. You collect >>

Re: NIST NTP servers

2016-05-11 Thread Josh Reynolds
maybe try with an odroid? On May 11, 2016 8:45 PM, "Jon Meek" wrote: > A note on using a Raspberry Pi as a NTP server. In my limited home lab > testing the RPi server had enough instability that Internet time sources > were always preferred by my workstation after ntpd had been

Re: NIST NTP servers

2016-05-11 Thread Jon Meek
A note on using a Raspberry Pi as a NTP server. In my limited home lab testing the RPi server had enough instability that Internet time sources were always preferred by my workstation after ntpd had been running for a while. Presumably this was due to the RPi's clock frequency drifting. At some

Re: NIST NTP servers

2016-05-11 Thread Sharon Goldberg
With the caveat that if some of the servers are inside your own private network then learning who the servers are might be less useful. But this could be an issue for targets who use servers that are exclusively on the public internet. On Wed, May 11, 2016 at 3:15 PM, Sharon Goldberg

Re: NIST NTP servers

2016-05-11 Thread Sharon Goldberg
Well, if you really want to learn about the NTP servers a target is using you can always just send them a regular NTP timing query (mode 3) and just read off the IP address in the reference ID field of the response (mode 4). Reference ID reveals the target that the client is sync'd to. If you

Re: NIST NTP servers

2016-05-11 Thread Lyndon Nerenberg
> On May 11, 2016, at 5:42 PM, Scott Weeks wrote: > > Wouldn't the buffers empty in a FIFO manner? They will empty in whatever order the implementation decides to write them. But what's more important is the order in which the incoming packets are presented to the

Re: NIST NTP servers

2016-05-11 Thread Gary E. Miller
Yo Scott! On Wed, 11 May 2016 17:42:34 -0700 "Scott Weeks" wrote: > > If all logs are sent to a unix server that does > > syslogd the log entries would go into the file > > in order no matter what timestamp is on them. > > syslogd can have quite large buffers. >

Re: NIST NTP servers

2016-05-11 Thread Scott Weeks
--- g...@rellim.com wrote: From: "Gary E. Miller" Yo Scott! On Wed, 11 May 2016 17:20:28 -0700 "Scott Weeks" wrote: > If all logs are sent to a unix server that does > syslogd the log entries would go into the file > in order no matter what

Re: NIST NTP servers

2016-05-11 Thread Gary E. Miller
Yo Scott! On Wed, 11 May 2016 17:20:28 -0700 "Scott Weeks" wrote: > If all logs are sent to a unix server that does > syslogd the log entries would go into the file > in order no matter what timestamp is on them. syslogd can have quite large buffers. RGDS GARY

Re: NIST NTP servers

2016-05-11 Thread Eric Kuhnke
Compared to the scale of the budget of small research projects run by national intelligence agency sized organizations, you wouldn't have to be very well funded to run a sizeable proportion of all tor exit nodes with some degree of plausible deniability... 500 credit cards 500 unique billing

Re: NIST NTP servers

2016-05-11 Thread Scott Weeks
--- m...@beckman.org wrote: From: Mel Beckman Accurate time to the millisecond is pretty much essential for any network troubleshooting. Say you want to diagnose a SIP problem. You collect transaction logs from both phones, the VoIP gateway, and the PBX. Now you try to

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said: > * Chris Adams: > > > First, out of the box, if you use the public pool servers (default > > config), you'll typically get 4 random (more or less) servers from the > > pool. There are a bunch, so Joe Random Hacker isn't going to have a > >

Re: NIST NTP servers

2016-05-11 Thread Eric Kuhnke
Cellular carriers also use GPS timing for many reasons that are not readily apparent at the layer 3 router/IP/BGP network level. One big need is RF related, back-to-back sector antenna frequency re-use with GPS synced timing on the remote radio heads, such as an ABAB configuration on a tower or

Re: TeamNANOG youtube video seeding

2016-05-11 Thread Mikael Abrahamsson
On Tue, 10 May 2016, james machado wrote: First I am thrilled to see older Nanog meetings making it to youtube. Having said that can the people putting up the files put the Nanog meeting number in the title of the videos to make it easier to search and determine relevance? +1 from me. I also

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
No, many cell carriers run their own completely independent timing networks. I support some head-ends where they have rubidium clocks and a T1-delivered time source. They do reference GPS, and many cell sites have GPS as a backup clock (you can see their conical antennas on the very top of the

Re: NIST NTP servers

2016-05-11 Thread Florian Weimer
* Chris Adams: > First, out of the box, if you use the public pool servers (default > config), you'll typically get 4 random (more or less) servers from the > pool. There are a bunch, so Joe Random Hacker isn't going to have a > high chance of guessing the servers your system is using. A

Re: CALEA

2016-05-11 Thread Ricky Beam
On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel wrote: AFAIK being able to do a lawful intercept on a specific, named, individual's service has been a requirement for providers since 2007. It's been required for longer than that. The telco I worked for over a decade ago

Re: NIST NTP servers

2016-05-11 Thread Lamar Owen
On 05/11/2016 07:46 AM, Baldur Norddahl wrote: But would you not need to actually spend three times $300 to get a good redundant solution? While we are there, why not go all the way and get a rubidium standard with GPS sync? Anyone know of a (relatively) cheap solution with NTP output?

Re: NIST NTP servers

2016-05-11 Thread Lamar Owen
On 05/11/2016 12:05 AM, Joe Klein wrote: Is this group aware of the incident with tock.usno.navy.mil & tick.usno.navy.mil on November 19. 2012 2107 UTC, when the systems lost 12 years for the period of one hour, then return? ... I remember it like it was only four years ago oh, wait

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 15:36:34 -, "Jay R. Ashworth" said: > CDMA and GSM are false diversity: both network types nodes *get their time* > from GPS, so far as I know. I'll make the fairly reasonable assumption that most readers of this list have networks that span multiple buildings. If

Re: NIST NTP servers

2016-05-11 Thread Majdi S. Abbas
On Wed, May 11, 2016 at 03:24:43PM +, Jay R. Ashworth wrote: > We're all aware this project is underway, right? > > https://www.ntpsec.org/ Despite the name, I'm not aware of any significant protocol changes. It's just a recent fork of the reference implementation minus the

Re: NIST NTP servers

2016-05-11 Thread Jay R. Ashworth
- Original Message - > From: "Mel Beckman" > Read deeper into the thread and you'll find where I sourced inexpensive > RF-based > NTP servers using CDMA, GSM, and even WWV. All radically different > technologies > that are unlikely to have common failure modes. But

Re: NIST NTP servers

2016-05-11 Thread Jay R. Ashworth
- Original Message - > From: "Jared Mauch" >> Yes, and properly monitor your ntpd instances. > > And upgrade them. > > Some software distributors don’t ship modern software. If you > are using a distribution packaged ntpd it’s likely old and > difficult to

Re: NIST NTP servers

2016-05-11 Thread Scott Whyte
On 5/10/16 21:05, Joe Klein wrote: Is this group aware of the incident with tock.usno.navy.mil & tick.usno.navy.mil on November 19. 2012 2107 UTC, when the systems lost 12 years for the period of one hour, then return? The reasons were not fully explained, but the impact was global. Routers,

RE: NIST NTP servers

2016-05-11 Thread Chuck Church
-Original Message- >From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Leo Bicknell >Sent: Wednesday, May 11, 2016 9:31 AM >To: nanog@nanog.org >Subject: Re: NIST NTP servers >Personally, my network gets NTP from 14 stratum 1 sources right now. >You, and the hacker, do not know

Re: NIST NTP servers

2016-05-11 Thread Brandon Vincent
GPS + a cesium or rubidium frequency standard is all you need. Too expensive? Then time isn't important to your organization.

Re: NIST NTP servers

2016-05-11 Thread Leo Bicknell
In a message written on Wed, May 11, 2016 at 09:00:54AM -0500, Josh Reynolds wrote: > I hope your receivers aren't all from a single source. I have 4 each ACTS, GPS, and CDMA in my list, augmented with a pair of PTP. Amazingly right now all but 3 are within 2 microseconds of each other, and

Re: CALEA

2016-05-11 Thread Leo Bicknell
In a message written on Tue, May 10, 2016 at 03:00:59PM -0500, Josh Reynolds wrote: > This is a large list that includes many Tier 1 network operators, > government agencies, and Fortune 500 network operators. > > The silence should be telling. NANOG has a strong self-selection for people who

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
Josh, Read deeper into the thread and you'll find where I sourced inexpensive RF-based NTP servers using CDMA, GSM, and even WWV. All radically different technologies that are unlikely to have common failure modes. But yes, buying different brands can't hurt either. -mel beckman > On May

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
Andreas, Most data centers will require a remotely positioned NTP server, which is actually easier and cheaper than a remotely located active GPS antenna. I have placed the $300 commercial NTP servers in an environmental box on the roof, powering it by PoE, without problems. You don't need a

Re: CALEA

2016-05-11 Thread Brian Mengel
AFAIK being able to do a lawful intercept on a specific, named, individual's service has been a requirement for providers since 2007. I have never heard of a provider, big or small, being called out for being unable to provide this service when requested. I would be surprised if a national

Re: NIST NTP servers

2016-05-11 Thread Josh Reynolds
I hope your receivers aren't all from a single source. I was in Iraq when this ( http://dailycaller.com/2010/06/01/glitch-shows-how-much-us-military-relies-on-gps/ ) happened, which meant I had no GPS guided indirect fire assets for 2 weeks. On Wed, May 11, 2016 at 8:31 AM, Leo Bicknell

Re: NIST NTP servers

2016-05-11 Thread Andreas Ott
Hi, > Boss: That sounds expensive. How much are we talking? > IT guy: $300 Beware! Over the past year we made engineering samples to deploy to datacenters. The goal was to use GPS and PPS to discipline ntpd appliances and serve as stratum 1 to other NTP distribution servers without the $5k

third party single pole administrator regimes

2016-05-11 Thread Fletcher Kittredge
This is outside plant related. Ignore if all you do is configure routers (not that there is anything wrong with that.) I would be interested in any network provider's experiences with third party single pole administrator regulatory regimes, such as Connecticut's. Please respond privately and I

RE: NIST NTP servers

2016-05-11 Thread Allan Liska
On 5/10/2016 at 10:30 AM, "Chuck Church" wrote: > >It doesn't really. Granted there are a lot of CVEs coming out for >NTP the >last year or so. But I just don't think there are that many >attacks on it. >It's just not worth the effort. Changing time on devices is

Re: NIST NTP servers

2016-05-11 Thread Ryan Harden
_Everything_ has vulnerabilities and using _any_ external source opens your network and infrastructure to disruptions. NTP has been used for DDoS amplification attacks recently, but so has DNS and other well known/heavily used protocols. With the right protections, syncing with an external NTP

VirginMedia AS5089

2016-05-11 Thread Goodwin, Simon T via NANOG
Can somebody contact me offline from VirginMedia UK regarding a BGP advertisement for 192.34.50.0/24 originating from AS1849 please Thanks Simon

Re: NIST NTP servers

2016-05-11 Thread Leo Bicknell
In a message written on Tue, May 10, 2016 at 08:23:04PM +, Mel Beckman wrote: > All because of misplaced trust in a tiny UDP packet that can worm its way > into your network from anywhere on the Internet. > > I say you’re crazy if you don’t run a GPS-based NTP server, especially given >

Re: NIST NTP servers

2016-05-11 Thread Eygene Ryabinkin
Tue, May 10, 2016 at 04:59:02PM +0200, Stephane Bortzmeyer wrote: > On Tue, May 10, 2016 at 10:52:28AM -0400, > valdis.kletni...@vt.edu wrote > a message of 37 lines which said: > > > Note that they *do* have motivation to keep it working, simply > > because so much

Re: NIST NTP servers

2016-05-11 Thread Baldur Norddahl
But would you not need to actually spend three times $300 to get a good redundant solution? While we are there, why not go all the way and get a rubidium standard with GPS sync? Anyone know of a (relatively) cheap solution with NTP output? https://en.wikipedia.org/wiki/Rubidium_standard

Re: NIST NTP servers

2016-05-11 Thread Steven Miano
Building a S1 system with RaspberryPis would not fly in most of the corporate/enterprise environments I've worked in (random 'appliances', non-uniformity, and lack of support are all glaring issues). Get a PCIe card with a BNC connector and dual power supplies for life in a data center. For

Re: NIST NTP servers

2016-05-11 Thread Dovid Bender
What about something like this? http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html Has anyone used a Pi to create their own server? On Wed, May 11, 2016 at 3:24 AM, Mel Beckman wrote: > Regarding Roland’s reference to time and position spoofing via a hacked > GPS signal, the

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
Regarding Roland’s reference to time and position spoofing via a hacked GPS signal, the hacker has to get physical line of sight to the victim’s antenna in order to succeed with this attack. That’s likely within a few blocks, if not within a few feet. And a rooftop antenna might require a drone
