On Sun, 25 Oct 2015 13:34:43 +0000, Wojciech Owczarek <wojci...@owczarek.co.uk> wrote:
> I think this is a classic case of confusing application security with
> network security. The whole idea relies on spoofing packets. A
> spoofing scenario is only realistic in a lab setting. Or in case of a
> physical takeover of a circuit, which - well, then you have more
> important things to worry about, and please show me an actual
> existing case.
>
> The series of off-path attacks described are off-path only because
> they don't require intercepting previous communication, but they
> still require spoofing. Theoretically any application using a
> connectionless protocol like UDP suffers from this "vulnerability" to
> spoofing one way or another. My personal favourite statement "on a
> properly designed network..." usually negates most of those.
>

Umm, well, I agree partially. Spoofed packets are unfortunately not as rare as one might think. Sure, in many cases they're easy to detect and are dropped routinely by most ISPs. But once they're out in the wild, they're virtually impossible to tell from legitimate packets.

The reference to "properly designed networks" excludes the case where one depends on external servers of higher stratum than what is available within the network under your control. A properly designed network implies full control over it, which is hardly achievable once the public internet enters the picture. As soon as two or more transit networks are encountered - which isn't too uncommon and which usually are not under your control - all odds are off.

> PHK - as you say, the only cure is to have your own NTP servers, and
> any serious organisation out there does.
>

If I'm not mistaken, the requirement is a bit more strict, as one would need a reliable chain to stratum 1. Running your own stratum 1 server(s) probably would be the preferred solution. But already a not too fancy configuration of a lower stratum server makes the attack pretty unlikely, as one would need to spoof packets from the majority of upstream servers.

The parts that likely are least protected from this kind of attack aren't so much organizations but rather Joe Average, who doesn't have the knowledge to mitigate things. And those mostly are not the target of an attack of this kind.

> The paper definitely has some research value, but in my opinion the
> negative publicity generated by this is overblown and undeserved. One
> thing I will agree with, is that there are too many random NTP
> servers out there which are dusty boxes sitting somewhere in the
> broom cupboard, running ancient software. However, all those
> vulnerable public NTP servers are vulnerable if you're sitting next
> to them.
>

I have a similar feeling, the reported attack vector has more of an academic value than actually posing a real threat. Therefore the attention it generated is a bit over the top.

Having a working authentication mechanism that also works for the general public I'd still consider to be a desirable feature. Not so much because NTP is unreliable, but because I feel that authentication is generally a must nowadays. But that's just my personal opinion.

Best regards,
Florian

_______________________________________________
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
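To make the "majority of upstream servers" argument above concrete, here is an added example (not from this thread, and not ntpd or chrony code) that models NTP's source selection with Marzullo's intersection algorithm: each upstream reports an offset and an error bound, the client looks for the interval agreed on by the most sources, and a single spoofed reply ends up as a falseticker while a spoofed majority carries the clock. All server names and offsets are constructed.

```python
"""Simplified NTP-style clock selection (Marzullo intersection). A model
of why one spoofed upstream reply is discarded but a spoofed majority is
followed. Not ntpd/chrony code; the sample data below is constructed."""


def intersection(intervals):
    """Return (lo, hi, count): the smallest interval contained in the
    largest number of input intervals (Marzullo's algorithm)."""
    edges = sorted([(lo, -1) for lo, _ in intervals] +
                   [(hi, +1) for _, hi in intervals])
    best, cnt, best_lo, best_hi = 0, 0, None, None
    for i, (x, kind) in enumerate(edges):
        cnt -= kind                      # -1 opens an interval, +1 closes it
        if cnt > best:                   # new maximum: segment runs to next edge
            best, best_lo, best_hi = cnt, x, edges[i + 1][0]
    return best_lo, best_hi, best


def select_sources(samples):
    """samples: {name: (offset, error_bound)} in seconds.
    Returns truechimers, falsetickers and a combined offset (plain mean of
    the truechimers; real NTP weights by distance). offset is None when no
    majority of sources agrees, i.e. the client should not step its clock."""
    intervals = {n: (off - d, off + d) for n, (off, d) in samples.items()}
    lo, hi, count = intersection(list(intervals.values()))
    if count <= len(samples) // 2:      # no majority: refuse to act
        return {"truechimers": [], "falsetickers": sorted(samples), "offset": None}
    mid = (lo + hi) / 2
    true_ = sorted(n for n, (a, b) in intervals.items() if a <= mid <= b)
    false_ = sorted(n for n in samples if n not in true_)
    offset = sum(samples[n][0] for n in true_) / len(true_)
    return {"truechimers": true_, "falsetickers": false_, "offset": offset}


# Constructed: three honest upstreams within a few ms, one off-path spoofed
# reply ("d") claiming the client is 30 s off.
ONE_SPOOFED = {"a": (0.002, 0.005), "b": (0.001, 0.005),
               "c": (-0.001, 0.005), "d": (30.0, 0.005)}
# Constructed: the attacker managed to spoof replies for three of four.
MAJORITY_SPOOFED = {"a": (0.002, 0.005), "b": (30.0, 0.005),
                    "c": (30.01, 0.02), "d": (30.0, 0.005)}

if __name__ == "__main__":
    for label, pool in (("one spoofed", ONE_SPOOFED),
                        ("majority spoofed", MAJORITY_SPOOFED)):
        print(label, select_sources(pool))
```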