Forrest Christian (List Account) wrote:
In the middle tends to be a more moderate solution which involves a mix of
time transmission methods from a variety of geographically and/or network
diverse sources. Taking time from the public trusted ntp servers and
adding lower cost GPS receivers at
Dear John, ARIN, NANOG,
On Mon, Aug 07, 2023 at 06:24:09PM +, John Curran wrote:
> We have made some fairly significant changes for those customers using
> ARIN Online for routing security administration – see attached message
> for specifics.
Yes, significant changes! I very much appreciate
Those particular boxes are not cheap. (Yes I know the units you talk
about). Note that some of them rely on terrestrial communication of
ephemeris data to validate the GPS data to further make the time more
robust.
I was hopefully trying to dispel the seemingly common thread in this
discussion
NANOGers -
We have made some fairly significant changes for those customers using ARIN
Online for routing security administration – see attached message for specifics.
FYI,
/John
John Curran
President and CEO
American Registry for Internet Numbers
Begin forwarded message:
From: ARIN
Forrest,
GPS spoofing may work with a primitive Raspberry Pi-based NTP server, but
commercial industrial NTP servers have specific anti-spoofing mitigations.
There are also antenna diversity strategies that vendors support to ensure the
signal being relied upon is coming from the right
The paper suggests the compromise of critical infrastructure. So, besides
not using NTP, why not stop using DNS ? Just populate a hosts file with all
you need.
BTW, the stratum-0 source you suggested is known to have been manipulated
in the past
Diversity from GPS might also be obtained by setting one receiver for GPS
and another for Galileo. I think I'd skip GLONASS for now :)
On Mon, Aug 7, 2023, 06:09 Rubens Kuhl wrote:
> > > The paper suggests the compromise of critical infrastructure. So,
> besides not using NTP, why not stop
> > The paper suggests the compromise of critical infrastructure. So, besides
> > not using NTP, why not stop using DNS ? Just populate a hosts file with all
> > you need.
>
> Well DNS can be cryptographically secured. There really isn’t any good
> reason to not sign your zones today. The
On Sun, Aug 6, 2023 at 11:36 PM Mel Beckman wrote:
>
> GPS Selective Availability did not disrupt the timing chain of GPS, only the
> ephemeris (position information). But a government-disrupted timebase
> scenario has never occurred, while hackers are a documented threat.
>
> DNS has DNSSec,
So the Anycast address our devices use internally to find the closest
NTP server is geo-mapped to MU.
So indeed, the pool will only send you a single NTP server in this case.
GeoDNS essentially maps you to mu.pool.ntp.org.
You can verify what NTP servers you can expect from the Pool by
On 8/7/23 11:04, Giovane C. M. Moura via NANOG wrote:
TL;DR: I'd guess your NTP Server IP address is geolocated to
Mauritius. The Mauritius zone[0] on the pool has only one server, so
you'll only see this one. To fix it, use europe.pool.ntp.org (_do not_
use pool.ntp.org).
So the Anycast
Hi Mark,
I have NTP servers in Europe that are choosing Tata (6453) to get to
0.freebsd.pool.ntp.org which lives on 197.224.66.40:
NTP is not sync'ing to that address, and sessions stay in an Init
state.
TL;DR: I'd guess your NTP Server IP address is geolocated to Mauritius.
The Mauritius
I forgot to finish my thought in the third paragraph before hitting send.
What I was going to express was that one should choose not only close,
trusted, NTP servers, but also perhaps ones from different government
agencies, or different sources. Sourcing time from multiple sources not
likely
On 8/5/23 21:26, Mel Beckman wrote:
Mark,
You might consider setting up your own GPS-based NTP network. Commercial
Ethernet GPS-sourced NTP servers, such as the Time Machines TM1000A, are as
little as $400. Or you can roll your own using a Raspberry Pi or similar nano
computer with a
The problem with relying exclusively on GPS to do time distribution is the
ease with which one can spoof the GPS signals.
With a budget of around $1K, not including a laptop, anyone with decent
technical skills could convince a typical GPS receiver it was at any
position and was at any time in