[Cialug] Interesting NTP article in ACM TechNews
Nicolai
nicolai-cialug at chocolatine.org
Sat Oct 24 19:05:38 CDT 2015
On Fri, Oct 23, 2015 at 11:12:10AM -0500, Andrew Denner wrote:
> Since we were just talking about NTP, I thought this was good timing from
> the ACM...
>
> *Researchers Warn Computer Clocks Can Be Easily Scrambled*
> *IDG News Service (10/21/15) Jeremy Kirk*

OpenBSD has had a partial fix in OpenNTPD for this problem since
February:

"ntpd(8) can be configured to query the `Date' from trusted
HTTPS servers via TLS. This time information is not used for
precision but acts as an authenticated constraint, thereby
reducing the impact of unauthenticated NTP `Man-In-The-Middle'
attacks. Received NTP packets with time information falling
outside of a range near the constraint will be discarded and
such NTP servers will be marked as invalid."

http://marc.info/?l=openbsd-tech&m=142356166731390&w=2

Example config:

    listen on 127.0.0.1
    servers pool.ntp.org
    constraints from "https://www.google.com/"
    constraints from www.twitter.com

OpenNTPD-portable is available for Linux and other systems as well:

http://www.openntpd.org

Nicolai
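
Added example, not part of the original post and not OpenNTPD's code: a Python sketch of the constraint check the quoted announcement describes, where coarse but TLS-authenticated HTTPS `Date' values bound which unauthenticated NTP replies are accepted. The function names, the 120-second margin, the use of a median over several constraint servers, and all sample data are assumptions made for illustration.

```python
from email.utils import parsedate_to_datetime
from statistics import median

MARGIN_SECONDS = 120  # assumed tolerance for this sketch, not OpenNTPD's value


def constraint_from_dates(date_headers):
    """Return the median epoch time of the parseable HTTPS `Date' headers."""
    epochs = []
    for value in date_headers:
        try:
            epochs.append(parsedate_to_datetime(value).timestamp())
        except (TypeError, ValueError):
            continue  # malformed header contributes no constraint
    if not epochs:
        raise ValueError("no usable constraint; cannot vet NTP replies")
    return median(epochs)


def filter_ntp_replies(replies, constraint, margin=MARGIN_SECONDS):
    """Split (server, epoch) replies into accepted and invalid server lists."""
    accepted, invalid = [], []
    for server, ntp_epoch in replies:
        if abs(ntp_epoch - constraint) <= margin:
            accepted.append(server)
        else:
            invalid.append(server)  # outside the range: discard and mark invalid
    return accepted, invalid


def demo():
    # Constructed sample data: Date headers as three TLS servers might return
    # them, plus one malformed value, and four unauthenticated NTP replies.
    headers = [
        "Sat, 24 Oct 2015 19:05:37 GMT",
        "Sat, 24 Oct 2015 19:05:38 GMT",
        "Sat, 24 Oct 2015 19:05:40 GMT",
        "not a date",
    ]
    constraint = constraint_from_dates(headers)
    replies = [
        ("ntp-a.example", constraint + 0.3),          # honest, sub-second skew
        ("ntp-b.example", constraint - 365 * 86400),  # clock pushed back a year
        ("ntp-c.example", constraint + 119),          # just inside the margin
        ("ntp-d.example", constraint + 121),          # just outside the margin
    ]
    return constraint, filter_ntp_replies(replies, constraint)


if __name__ == "__main__":
    print(demo())
```

The constraint only has one-second resolution, so it is used to reject implausible replies rather than to set the clock; precision still comes from the NTP servers that pass the check.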