On Thu, Mar 24, 2011 at 4:18 PM, <j...@specsol.spam.sux.com> wrote: > Hal Murray <hal-use...@ip-64-139-1-69.sjc.megapath.net> wrote: >> In article <ghps58-1a....@mail.specsol.com>, >> j...@specsol.spam.sux.com writes: >> >>>When I see questions like this my first response is "Why all the bother?". >>> >>>There is nothing secret or proprietary about the time of day. >>> >>>Since all NTP servers provide UTC, the service reveals nothing about the >>>machine other than the fact that the clock is correct. >>> >>>If you don't want your resources utilized by outsiders, you just block >>>access to the NTP port for everyone but your own clients as a blocked >>>port uses less resources than denying an unsucessful authorization does. >>> >>>Am I missing something?? >> >> Yes. The encryption also verifies that you are talking to the >> server you think you are talking to rather than an imposter. > > If you specify the server by IP address, how does that happen and who > would bother to do it?
The most obvious and easy way is that I cut the wire that goes from your house to your ISP and place a computer (and modems) at the cut point. It can change any bit in any packet. I would not bother with your house but a bank, maybe. If I could make transactions that were backdated I could make a lot of money even if only slightly back dated by 10 seconds. > > IP hijacking will disrupt a lot more than just NTP. It can but, that is up to the hijacker. A "man in the middle" attack can filter network packets and change only the bits he wants changed > > If your server and its clients are on a corporate network, which is the > usual case for having one's own server, how does this happen? Outsider has taken control of a computer that lives inside your network In general your arguments follows a common mistake. It is equivalent to "I can't figure it out so therefor it can't happen". It is never valid to argue "it's imposable because I can't figure any way to....". To claim something is imposable you need something that is very much like a mathematical proof. -- ===== Chris Albertson Redondo Beach, California _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions