NIST NTP servers

2016-05-09 Thread b f
Hello List, In search of stable, disparate stratum 1 NTP sources. Looking for anyone’s advice/experiences (good/bad/ugly/weird) using NIST’s NTP servers per: http://tf.nist.gov/tf-cgi/servers.cgi We tried using “time.nist.gov” which returns varying round-robin addresses (as the link says), but

Re: NIST NTP servers

2016-05-09 Thread Mel Beckman
NTP has vulnerabilities that make it generally unsuitable for provider networks. I strongly recommend getting a GPS-based time server. These are as cheap as $300. Here is one I use quite a bit: http://www.amazon.com/TM1000A-GPS-Network-Time-Server/dp/B002RC3Q4Q You’ll have a stratum 1 clock on

Re: NIST NTP servers

2016-05-09 Thread Spencer Ryan
I would second the idea of using your own GPS appliance if possible. On May 9, 2016 11:08 PM, "Mel Beckman" wrote: > NTP has vulnerabilities that make it generally unsuitable for provider > networks. I strongly recommend getting a GPS-based time server. These are > as cheap as $300. Here is one I

Re: NIST NTP servers

2016-05-09 Thread Majdi S. Abbas
On Tue, May 10, 2016 at 03:08:16AM +, Mel Beckman wrote: > NTP has vulnerabilities that make it generally unsuitable for > provider networks. I strongly recommend getting a GPS-based > time server. These are as cheap as $300. Here is one I use quite a bit: So how does this stop from

Re: NIST NTP servers

2016-05-10 Thread Steven Miano
NTP has vulnerabilities, so using an external source opens your networks and infrastructure to disruptions. Going with an internal GPS/GLONASS/RADIO based S1 allows you to restrict incoming traffic and not rely on volunteers or external entities (which may undergo maintenance or budget issues). M

RE: NIST NTP servers

2016-05-10 Thread Chuck Church
-Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Majdi S. Abbas > So how does this stop from distributing time to their customers via NTP? > GPS doesn't save the protocol, in particular where the S1 clocks involved are embedded devices with rather co

Re: NIST NTP servers

2016-05-10 Thread Stephane Bortzmeyer
On Tue, May 10, 2016 at 06:48:52AM -0400, Steven Miano wrote a message of 41 lines which said: > Going with an internal GPS/GLONASS/RADIO based S1 allows you to > restrict incoming traffic and not rely on volunteers or external > entities (which may undergo maintenance or budget issues). You

Re: NIST NTP servers

2016-05-10 Thread Valdis . Kletnieks
On Tue, 10 May 2016 16:39:54 +0200, Stephane Bortzmeyer said: > You mean the GPS network is not managed by an external entity? With > budget issues? > > http://www.schriever.af.mil/GPS Note that they *do* have motivation to keep it working, simply because so much of their *own* gear (from gear fo

Re: NIST NTP servers

2016-05-10 Thread David Hubbard
Ed, and anyone else reading this thread, I’m curious if you’ve looked at their authenticated NTP offering which uses different servers: http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm We’re considering that but haven’t tried yet. David On 5/9/16, 11:01 PM, "NANOG on behalf of b f" wrote

RE: NIST NTP servers

2016-05-10 Thread Chuck Church
'Majdi S. Abbas' ; nanog@nanog.org Subject: RE: NIST NTP servers On 5/10/2016 at 10:30 AM, "Chuck Church" wrote: > >It doesn't really. Granted there are a lot of CVEs coming out for NTP >the last year or so. But I just don't think there are that many >

Re: NIST NTP servers

2016-05-10 Thread Stephane Bortzmeyer
On Tue, May 10, 2016 at 10:52:28AM -0400, valdis.kletni...@vt.edu wrote a message of 37 lines which said: > Note that they *do* have motivation to keep it working, simply > because so much of their *own* gear (from gear for individual > soldiers all the way to strategic bombers and aircraft ca

Re: NIST NTP servers

2016-05-10 Thread Leo Bicknell
In a message written on Mon, May 09, 2016 at 11:01:23PM -0400, b f wrote: > In search of stable, disparate stratum 1 NTP sources. http://wpollock.com/AUnix2/NTPstratum1PublicServers.htm > We tried using “time.nist.gov” which returns varying round-robin addresses > (as the link says), but Cisco IO

Re: NIST NTP servers

2016-05-10 Thread Josh Reynolds
That would be a very poor idea, since a lot of the circuits the DoD still uses to communicate with are ATM lines :) On Tue, May 10, 2016 at 9:59 AM, Stephane Bortzmeyer wrote: > On Tue, May 10, 2016 at 10:52:28AM -0400, > valdis.kletni...@vt.edu wrote > a message of 37 lines which said: > >> N

Re: NIST NTP servers

2016-05-10 Thread Valdis . Kletnieks
On Tue, 10 May 2016 08:07:15 -0700, Brandon Vincent said: > On May 10, 2016 7:59 AM, "Stephane Bortzmeyer" wrote: > > Yes, but they may switch it off for civilian use (by going encrypted, > > for instance) at any time, if it is better for *their* operations. > > I think you are referring to select

Re: NIST NTP servers

2016-05-10 Thread Mike
On 5/10/2016 11:22 AM, Leo Bicknell wrote: > In a message written on Mon, May 09, 2016 at 11:01:23PM -0400, b f wrote: >> In search of stable, disparate stratum 1 NTP sources. > > http://wpollock.com/AUnix2/NTPstratum1PublicServers.htm > >> We tried using “time.nist.gov” which returns varying rou

Re: NIST NTP servers

2016-05-10 Thread Laszlo Hanyecz
On 2016-05-10 15:36, Mike wrote: On 5/10/2016 11:22 AM, Leo Bicknell wrote: In a message written on Mon, May 09, 2016 at 11:01:23PM -0400, b f wrote: In search of stable, disparate stratum 1 NTP sources. http://wpollock.com/AUnix2/NTPstratum1PublicServers.htm We tried using “time.nist.gov”

Re: NIST NTP servers

2016-05-10 Thread Gary E. Miller
Yo Chuck! On Tue, 10 May 2016 10:29:35 -0400 "Chuck Church" wrote: > Changing time on > devices is more an annoyance than anything, and doesn't necessarily > get you into a device. So, you are not worried about getting DoS'ed? How about you set the time on your server ahead by 5 years. Got an

Re: NIST NTP servers

2016-05-10 Thread Jared Mauch
> On May 10, 2016, at 3:58 PM, Gary E. Miller wrote: > > I'm sure there are many more examples, but likely you can no longer log > in, via SSH or HTTPS, and your iPhone is dead. I think any of those > would qualify as more than an annoyance. An unnamed vendor has code where if the clock on the

RE: NIST NTP servers

2016-05-10 Thread Chuck Church
-Original Message- From: Gary E. Miller [mailto:g...@rellim.com] Sent: Tuesday, May 10, 2016 3:58 PM To: Chuck Church Cc: 'Majdi S. Abbas' ; nanog@nanog.org Subject: Re: NIST NTP servers Yo Chuck! On Tue, 10 May 2016 10:29:35 -0400 "Chuck Church" wrote: > Cha

Re: NIST NTP servers

2016-05-10 Thread Harlan Stenn
Leo Bicknell writes: > ... > > The correct answer here is to run multiple NTP servers in your > network. And by servers I mean real servers, with good quality > oscillators on the motherboard. Then configure them to talk to > _many_ sources. You need 4 sources of time minimum to redundantly > d

Re: NIST NTP servers

2016-05-10 Thread Mel Beckman
Accurate time to the millisecond is pretty much essential for any network troubleshooting. Say you want to diagnose a SIP problem. You collect transaction logs from both phones, the VoIP gateway, and the PBX. Now you try to merge them to derive the sequence of events. You NEED millisecond accura

Re: NIST NTP servers

2016-05-10 Thread Gary E. Miller
Yo Chuck! On Tue, 10 May 2016 16:18:41 -0400 "Chuck Church" wrote: > Ok, annoyance might have been a little light on the severity wording. Yup. > Still, modifying all your incoming NTP packets from all your sources > to actually get your NTP servers to agree on a bad time is tricky. > That is

Re: NIST NTP servers

2016-05-10 Thread Jared Mauch
> On May 10, 2016, at 4:21 PM, Harlan Stenn wrote: > >> Configure all of your devices to get NTP from the servers you run >> using authentication. > > Yes, and properly monitor your ntpd instances. And upgrade them. Some software distributors don’t ship modern software. if you are using a di

Re: NIST NTP servers

2016-05-10 Thread Gary E. Miller
Yo Jared! On Tue, 10 May 2016 16:29:26 -0400 Jared Mauch wrote: > If you’re using Redhat based systems consider using chrony > instead, even the new beta fedora 24 uses 4.2.6 derived code > vs 4.2.8 Or, new but under heavy development: NTPsec : https://www.ntpsec.org/ It is a fork of classic

Re: NIST NTP servers

2016-05-10 Thread Jared Mauch
> On May 10, 2016, at 4:40 PM, Gary E. Miller wrote: > > Yo Jared! > Yo, Gary! > On Tue, 10 May 2016 16:29:26 -0400 > Jared Mauch wrote: > >> If you’re using Redhat based systems consider using chrony >> instead, even the new beta fedora 24 uses 4.2.6 derived code >> vs 4.2.8 > > Or, new

Re: NIST NTP servers

2016-05-10 Thread Mel Beckman
Boss: So how did a hacker get in and crash our accounting server, break our VPNs, and kill our network performance? IT guy: He changed our clocks. Boss: How did he do that? IT guy: We have an opening in our firewall that permits time clock packets to come from anywhere in the world, under cert

Re: NIST NTP servers

2016-05-10 Thread Chris Adams
Once upon a time, Mel Beckman said: > Boss: So how did a hacker get in and crash our accounting server, break our > VPNs, and kill our network performance? > > IT guy: He changed our clocks. So, this has been repeated several times (with how bad things will go if your clocks get changed by year

Re: NIST NTP servers

2016-05-10 Thread Mel Beckman
I don't pretend to know all the ways a hacker can find out what ntp servers a company uses, but I can envision a virus that could do that once behind a firewall. Every ntp response lists the current reference ntp server in the next higher stratum. There are many ways that process could harvest a

Re: NIST NTP servers

2016-05-10 Thread Roland Dobbins
On 11 May 2016, at 8:59, Mel Beckman wrote: My point is, when the fix is so cheap, why put up with this risk at all? Time and Position Spoofing With Open Source Projects. [.pdf link]

Re: NIST NTP servers

2016-05-10 Thread Joe Klein
Is this group aware of the incident with tock.usno.navy.mil & tick.usno.navy.mil on November 19, 2012 2107 UTC, when the systems lost 12 years for the period of one hour, then returned? The reasons were not fully explained, but the impact was global. Routers, switches, power grids, phone systems, ce

Re: NIST NTP servers

2016-05-10 Thread Eric Kuhnke
For quite some time, in debian the default configuration for the ntpd.conf that ships with the package for the ntpd is to poll from four different, semi-randomly assigned DNS pool based sources. I believe the same is true for redhat/centos. In the event that one out of four sources is wildly wrong

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
Regarding Roland’s reference to time and position spoofing via a hacked GPS signal, the hacker has to get physical line of sight to the victim’s antenna in order to succeed with this attack. That’s likely within a few blocks, if not within a few feet. And a rooftop antenna might require a drone

Re: NIST NTP servers

2016-05-11 Thread Dovid Bender
What about something like this? http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html Has anyone used a Pi to create their own server? On Wed, May 11, 2016 at 3:24 AM, Mel Beckman wrote: > Regarding Roland’s reference to time and position spoofing via a hacked > GPS signal, the hacker has to get ph

Re: NIST NTP servers

2016-05-11 Thread Steven Miano
Building a S1 system with RaspberryPis would not fly in most of the corporate/enterprise environments I've worked in (random 'appliances', non-uniformity, and lack of support are all glaring issues). Get a PCIe card with a BNC connector and dual power supplies for life in a data center. For home/

Re: NIST NTP servers

2016-05-11 Thread Baldur Norddahl
But would you not need to actually spend three times $300 to get a good redundant solution? While we are there, why not go all the way and get a rubidium standard with GPS sync? Anyone know of a (relatively) cheap solution with NTP output? https://en.wikipedia.org/wiki/Rubidium_standard Rega

Re: NIST NTP servers

2016-05-11 Thread Eygene Ryabinkin
Tue, May 10, 2016 at 04:59:02PM +0200, Stephane Bortzmeyer wrote: > On Tue, May 10, 2016 at 10:52:28AM -0400, > valdis.kletni...@vt.edu wrote > a message of 37 lines which said: > > > Note that they *do* have motivation to keep it working, simply > > because so much of their *own* gear (from g

Re: NIST NTP servers

2016-05-11 Thread Leo Bicknell
In a message written on Tue, May 10, 2016 at 08:23:04PM +, Mel Beckman wrote: > All because of misplaced trust in a tiny UDP packet that can worm its way > into your network from anywhere on the Internet. > > I say you’re crazy if you don’t run a GPS-based NTP server, especially given > tha

Re: NIST NTP servers

2016-05-11 Thread Ryan Harden
_Everything_ has vulnerabilities and using _any_ external source opens your network and infrastructure to disruptions. NTP has been used for DDoS amplification attacks recently, but so has DNS and other well known/heavily used protocols. With the right protections, syncing with an external NTP

RE: NIST NTP servers

2016-05-11 Thread Allan Liska
On 5/10/2016 at 10:30 AM, "Chuck Church" wrote: > >It doesn't really. Granted there are a lot of CVEs coming out for >NTP the >last year or so. But I just don't think there are that many >attacks on it. >It's just not worth the effort. Changing time on devices is more >an >annoyance than

Re: NIST NTP servers

2016-05-11 Thread Andreas Ott
Hi, > Boss: That sounds expensive. How much are we talking? > IT guy: $300 Beware! Over the past year we made engineering samples to deploy to datacenters. The goal was to use GPS and PPS to discipline ntpd appliances and serve as stratum 1 to other NTP distribution servers without the $5k pric

Re: NIST NTP servers

2016-05-11 Thread Josh Reynolds
I hope your receivers aren't all from a single source. I was in Iraq when this ( http://dailycaller.com/2010/06/01/glitch-shows-how-much-us-military-relies-on-gps/ ) happened, which meant I had no GPS guided indirect fire assets for 2 weeks. On Wed, May 11, 2016 at 8:31 AM, Leo Bicknell wrote: >

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
Andreas, Most data centers will require a remotely positioned NTP server, which is actually easier and cheaper than a remotely located active GPS antenna. I have placed the $300 commercial NTP servers in an environmental box on the roof, powering it by PoE, without problems. You don't need a r

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
Josh, Read deeper into the thread and you'll find where I sourced inexpensive RF-based NTP servers using CDMA, GSM, and even WWV. All radically different technologies that are unlikely to have common failure modes. But yes, buying different brands can't hurt either. -mel beckman > On May 11

Re: NIST NTP servers

2016-05-11 Thread Leo Bicknell
In a message written on Wed, May 11, 2016 at 09:00:54AM -0500, Josh Reynolds wrote: > I hope your receivers aren't all from a single source. I have 4 each ACTS, GPS, and CDMA in my list, augmented with a pair of PTP. Amazingly right now all but 3 are within 2 microseconds of each other, and those

Re: NIST NTP servers

2016-05-11 Thread Brandon Vincent
GPS + a cesium or rubidium frequency standard is all you need. Too expensive? Then time isn't important to your organization.

RE: NIST NTP servers

2016-05-11 Thread Chuck Church
-Original Message- >From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Leo Bicknell >Sent: Wednesday, May 11, 2016 9:31 AM >To: nanog@nanog.org >Subject: Re: NIST NTP servers >Personally, my network gets NTP from 14 stratum 1 sources right now. >You, and the h

Re: NIST NTP servers

2016-05-11 Thread Scott Whyte
On 5/10/16 21:05, Joe Klein wrote: Is this group aware of the incident with tock.usno.navy.mil & tick.usno.navy.mil on November 19, 2012 2107 UTC, when the systems lost 12 years for the period of one hour, then returned? The reasons were not fully explained, but the impact was global. Routers, s

Re: NIST NTP servers

2016-05-11 Thread Jay R. Ashworth
- Original Message - > From: "Jared Mauch" >> Yes, and properly monitor your ntpd instances. > > And upgrade them. > > Some software distributors don’t ship modern software. if you > are using a distribution packaged ntpd it’s likely old and > difficult to determine its lineage due to

Re: NIST NTP servers

2016-05-11 Thread Jay R. Ashworth
- Original Message - > From: "Mel Beckman" > Read deeper into the thread and you'll find where I sourced inexpensive > RF-based > NTP servers using CDMA, GSM, and even WWV. All radically different > technologies > that are unlikely to have common failure modes. But yes, buying different

Re: NIST NTP servers

2016-05-11 Thread Majdi S. Abbas
On Wed, May 11, 2016 at 03:24:43PM +, Jay R. Ashworth wrote: > We're all aware this project is underway, right? > > https://www.ntpsec.org/ Despite the name, I'm not aware of any significant protocol changes. It's just a recent fork of the reference implementation minus the refcloc

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 15:36:34 -, "Jay R. Ashworth" said: > CDMA and GSM are false diversity: both network types nodes *get their time* > from GPS, so far as I know. I'll make the fairly reasonable assumption that most readers of this list have networks that span multiple buildings. If somebod

Re: NIST NTP servers

2016-05-11 Thread Lamar Owen
On 05/11/2016 12:05 AM, Joe Klein wrote: Is this group aware of the incident with tock.usno.navy.mil & tick.usno.navy.mil on November 19, 2012 2107 UTC, when the systems lost 12 years for the period of one hour, then returned? ... I remember it like it was only four years ago oh, wait W

Re: NIST NTP servers

2016-05-11 Thread Lamar Owen
On 05/11/2016 07:46 AM, Baldur Norddahl wrote: But would you not need to actually spend three times $300 to get a good redundant solution? While we are there, why not go all the way and get a rubidium standard with GPS sync? Anyone know of a (relatively) cheap solution with NTP output? Ebay

Re: NIST NTP servers

2016-05-11 Thread Florian Weimer
* Chris Adams: > First, out of the box, if you use the public pool servers (default > config), you'll typically get 4 random (more or less) servers from the > pool. There are a bunch, so Joe Random Hacker isn't going to have a > high chance of guessing the servers your system is using. A determi

Re: NIST NTP servers

2016-05-11 Thread Mel Beckman
No, many cell carriers run their own completely independent timing networks. I support some head-ends where they have rubidium clocks and a T1-delivered time source. They do reference GPS, and many cell sites have GPS as a backup clock (you can see their conical antennas on the very top of the t

Re: NIST NTP servers

2016-05-11 Thread Eric Kuhnke
Cellular carriers also use GPS timing for many reasons that are not readily apparent at the layer 3 router/IP/BGP network level. One big need is RF related, back-to-back sector antenna frequency re-use with GPS synced timing on the remote radio heads, such as an ABAB configuration on a tower or roo

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said: > * Chris Adams: > > > First, out of the box, if you use the public pool servers (default > > config), you'll typically get 4 random (more or less) servers from the > > pool. There are a bunch, so Joe Random Hacker isn't going to have a > >

Re: NIST NTP servers

2016-05-11 Thread Scott Weeks
--- m...@beckman.org wrote: From: Mel Beckman Accurate time to the millisecond is pretty much essential for any network troubleshooting. Say you want to diagnose a SIP problem. You collect transaction logs from both phones, the VoIP gateway, and the PBX. Now you try to merge them to derive

Re: NIST NTP servers

2016-05-11 Thread Eric Kuhnke
Compared to the scale of the budget of small research projects run by national intelligence agency sized organizations, you wouldn't have to be very well funded to run a sizeable proportion of all tor exit nodes with some degree of plausible deniability... 500 credit cards 500 unique billing name

Re: NIST NTP servers

2016-05-11 Thread Gary E. Miller
Yo Scott! On Wed, 11 May 2016 17:20:28 -0700 "Scott Weeks" wrote: > If all logs are sent to a unix server that does > syslogd the log entries would go into the file > in order no matter what timestamp is on them. syslogd can have quite large buffers. RGDS GARY

Re: NIST NTP servers

2016-05-11 Thread Scott Weeks
--- g...@rellim.com wrote: From: "Gary E. Miller" Yo Scott! On Wed, 11 May 2016 17:20:28 -0700 "Scott Weeks" wrote: > If all logs are sent to a unix server that does > syslogd the log entries would go into the file > in order no matter what timestamp is on them. syslogd can have quite larg

Re: NIST NTP servers

2016-05-11 Thread Gary E. Miller
Yo Scott! On Wed, 11 May 2016 17:42:34 -0700 "Scott Weeks" wrote: > > If all logs are sent to a unix server that does > > syslogd the log entries would go into the file > > in order no matter what timestamp is on them. > > syslogd can have quite large buffers. > -

Re: NIST NTP servers

2016-05-11 Thread Lyndon Nerenberg
> On May 11, 2016, at 5:42 PM, Scott Weeks wrote: > > Wouldn't the buffers empty in a FIFO manner? They will empty in whatever order the implementation decides to write them. But what's more important is the order in which the incoming packets are presented to the syslogd process. If you're l

Re: NIST NTP servers

2016-05-11 Thread Sharon Goldberg
Well, if you really want to learn about the NTP servers a target is using you can always just send them a regular NTP timing query (mode 3) and just read off the IP address in the reference ID field of the response (mode 4). Reference ID reveals the target that the client is sync'd to. If you do

Re: NIST NTP servers

2016-05-11 Thread Sharon Goldberg
With the caveat that if some of the servers are inside your own private network then learning who the servers are might be less useful. But this could be an issue for targets who use servers that are exclusively on the public internet. On Wed, May 11, 2016 at 3:15 PM, Sharon Goldberg wrote: > W

Re: NIST NTP servers

2016-05-11 Thread Jon Meek
A note on using a Raspberry Pi as a NTP server. In my limited home lab testing the RPi server had enough instability that Internet time sources were always preferred by my workstation after ntpd had been running for a while. Presumably this was due to the RPi's clock frequency drifting. At some poi

Re: NIST NTP servers

2016-05-11 Thread Josh Reynolds
maybe try with an odroid? On May 11, 2016 8:45 PM, "Jon Meek" wrote: > A note on using a Raspberry Pi as a NTP server. In my limited home lab > testing the RPi server had enough instability that Internet time sources > were always preferred by my workstation after ntpd had been running for a > wh

Re: NIST NTP servers

2016-05-11 Thread Eygene Ryabinkin
Wed, May 11, 2016 at 05:20:28PM -0700, Scott Weeks wrote: > --- m...@beckman.org wrote: >> From: Mel Beckman >> >> Accurate time to the millisecond is pretty much >> essential for any network troubleshooting. Say >> you want to diagnose a SIP problem. You collect >> transaction logs from both

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 17:23:31 -0700, Eric Kuhnke said: > average of $150/mo x 500 = $75,000 I'd worry more about the fact that somebody is willing to spend $75K/mo to attack me than the fact that it might be possible to wiggle my time base a bit. At that point, you *really* have to worry about othe

Re: NIST NTP servers

2016-05-11 Thread Harlan Stenn
Sharon Goldberg writes: > Well, if you really want to learn about the NTP servers a target is using > you can always just send them a regular NTP timing query (mode 3) and just > read off the IP address in the reference ID field of the response (mode 4). Unless the server is an IPv6 server. This

Re: NIST NTP servers

2016-05-11 Thread Harlan Stenn
Harlan Stenn writes: > Sharon Goldberg writes: > > Well, if you really want to learn about the NTP servers a target is using > > you can always just send them a regular NTP timing query (mode 3) and just > > read off the IP address in the reference ID field of the response (mode 4). > > Unless the

Re: NIST NTP servers

2016-05-12 Thread Mike
On 5/11/2016 11:24 AM, Jay R. Ashworth wrote: > - Original Message - >> From: "Jared Mauch" > >>> Yes, and properly monitor your ntpd instances. >> >> And upgrade them. >> >> Some software distributors don’t ship modern software. if you >> are using a distribution packaged ntpd it’s like

Re: NIST NTP servers

2016-05-12 Thread Jared Mauch
> On May 11, 2016, at 1:42 PM, Majdi S. Abbas wrote: > > On Wed, May 11, 2016 at 03:24:43PM +, Jay R. Ashworth wrote: >> We're all aware this project is underway, right? >> >> https://www.ntpsec.org/ > > Despite the name, I'm not aware of any significant protocol > changes. It's ju

Re: NIST NTP servers

2016-05-12 Thread Jean-Francois Mezei
On 2016-05-10 10:59, Stephane Bortzmeyer wrote: > Yes, but they may switch it off for civilian use (by going encrypted, > for instance) at any time, if it is better for *their* operations. In the days of selected availability (GPS precision reduced on purpose), the time signal was still very acc

Re: NIST NTP servers

2016-05-12 Thread Jean-Francois Mezei
On 2016-05-11 10:30, Mel Beckman wrote: > Read deeper into the thread and you'll find where I sourced inexpensive > RF-based NTP servers using CDMA, GSM, and even WWV. For shortwave, you would need to calculate propagation delay between transmitter and receiver. (does signal reach via line of s

Re: NIST NTP servers

2016-05-12 Thread Mel Beckman
The WWV signal is still accurate within a few milliseconds. Light is fast. Really fast. -mel > On May 12, 2016, at 10:19 AM, Jean-Francois Mezei > wrote: > > On 2016-05-11 10:30, Mel Beckman wrote: > >> Read deeper into the thread and you'll find where I sourced inexpensive >> RF-based NTP

Re: NIST NTP servers

2016-05-12 Thread Laurent Dumont
I did and it works! But as others mentioned, using a passive antenna means that you are very limited in where you can actually use the NTP server. The device failed to acquire a GPS lock when it was 2-3 feet away from a window. But when it did acquire a signal, it happily worked as a Stratum 1 d

Re: NIST NTP servers

2016-05-12 Thread Lyndon Nerenberg
[...] but I would also have doubts over running anything business critical on a RP2. We use them as reverse terminal servers, for dhcp/tftp bootstrapping other machines, and soon, NTP. They are absolutely rock solid. There's something to be said for "no moving parts inside." --lyndon

RE: NIST NTP servers

2016-05-12 Thread John Souvestre
nt: 2016 May 11, Wed 10:40 To: nanog@nanog.org list Subject: Re: NIST NTP servers A note on using a Raspberry Pi as a NTP server. In my limited home lab testing the RPi server had enough instability that Internet time sources were always preferred by my workstation after ntpd had been running for

Re: NIST NTP servers

2016-05-12 Thread Chris Adams
Once upon a time, John Souvestre said: > The Enhanced WWVB signal has better range and more accuracy, but I don't know > if any receivers are available yet. I know it's supposed to have better range and signal quality, but I thought accuracy was about the same. The variables that affect accurac

RE: NIST NTP servers

2016-05-12 Thread John Souvestre
Orleans LA -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Chris Adams Sent: 2016 May 12, Thu 21:21 To: nanog@nanog.org Subject: Re: NIST NTP servers Once upon a time, John Souvestre said: > The Enhanced WWVB signal has better range and more accuracy, but

Re: NIST NTP servers

2016-05-12 Thread George Herbert
> On May 11, 2016, at 6:31 AM, Leo Bicknell wrote: > ... > You're replacing one single point of failure with another. > > Personally, my network gets NTP from 14 stratum 1 sources right now. > You, and the hacker, do not know which ones. You have to guess at least > 8 to get me to move to you

Re: NIST NTP servers

2016-05-13 Thread Tony Finch
Jean-Francois Mezei wrote: > > Today, if someone were to jam the GPS signal in an area in USA, you'd > likely hear about large number of car accidents in the news before > noticing your systems can't get time from the GPS-NTP and went to a > backup ip address (nist etc). The USA and the UK gover

Re: NIST NTP servers

2016-05-13 Thread Lamar Owen
On 05/11/2016 09:46 PM, Josh Reynolds wrote: maybe try [setting up an NTP server] with an odroid? ... I have several ODroid C2's, and the first thing to note about them is that there is no RTC at all. Also, the oscillator is just a garden-variety non-temperature-compensated quartz crystal,

Re: NIST NTP servers

2016-05-13 Thread Mel Beckman
Lamar, You make it sound like TCXOs are rare, but they're actually quite common in most single board computers. True, you're probably not gonna find them in the $35 cellular-based SBCs, but since these temperature compensated oscillators cost less than a dollar each in quantity, they're quite c

Re: NIST NTP servers

2016-05-13 Thread Laszlo Hanyecz
On 2016-05-13 14:12, Lamar Owen wrote: On 05/11/2016 09:46 PM, Josh Reynolds wrote: maybe try [setting up an NTP server] with an odroid? ... You really have to have at least a temperature compensated quartz crystal oscillator (TCXO) to even begin to think about an NTP server, for anything

Re: NIST NTP servers

2016-05-13 Thread Chuck Anderson
On Fri, May 13, 2016 at 10:12:49AM -0400, Lamar Owen wrote: > On 05/11/2016 09:46 PM, Josh Reynolds wrote: > >maybe try [setting up an NTP server] with an odroid? > > > ... > > I have several ODroid C2's, and the first thing to note about them > is that there is no RTC at all. Also, the oscillato

Re: NIST NTP servers

2016-05-13 Thread Sharon Goldberg
Since we are on the subject, I would strongly recommend that you don't run NTP on Linux 2.2.13, since it's especially vulnerable to our IPv4 fragmentation attack. "SunOS" also seems vulnerable, but I am not 100% sure what systems that say they are "SunOS" actually are. These OS will fragment packe

Re: NIST NTP servers

2016-05-13 Thread Lamar Owen
On 05/13/2016 10:38 AM, Mel Beckman wrote: You make it sound like TCXOs are rare, but they're actually quite common in most single board computers. True, you're probably not gonna find them in the $35 cellular-based SBCs, but since these temperature compensated oscillators cost less than a dol

Re: NIST NTP servers

2016-05-13 Thread Mel Beckman
Lamar, Because you need microsecond-level time accuracy (which is beyond NTP's capabilities) you'll require an adjunct protocol, such as PPS, to get that. For continued NTP delivery despite periodic GPS signal loss, then you need an OCXO internal clock. But anyone satisfied with NTP's milli

Re: NIST NTP servers

2016-05-13 Thread Mel Beckman
"Either method needs the specs" should read "Either method meets the specs." -mel beckman > On May 13, 2016, at 1:39 PM, Mel Beckman wrote: > > Lamar, > > Because you need microsecond-level time accuracy (which is beyond NTP's > capabilities) you'll require an adjunct protocol, such as PPS,

Re: NIST NTP servers

2016-05-14 Thread Lamar Owen
On 05/13/2016 04:38 PM, Mel Beckman wrote: But another key consideration beyond accuracy is the reliability of a server's GPS constellation view. If you can lose GPS sync for an hour or more (not uncommon in terrain-locked locations), the NTP time will go free-running and could drift quite a b

Re: NIST NTP servers

2016-05-28 Thread B F
bject: Re: NIST NTP servers On 05/13/2016 04:38 PM, Mel Beckman wrote: > But another key consideration beyond accuracy is the reliability of a > server's GPS constellation view. If you can lose GPS sync for an hour or more > (not uncommon in terrain-locked locations), the NTP tim