Time Is Running Out for NTP (opens in new tab)

(infoworld.com)

111 pointsmistertrotsky9y ago31 comments

31 comments

Article doesn't bother to mention that there are completely different projects which implement NTP servers with varying levels of functionality (openntpd, chrony, ntpsec, ntimed). And while the pool.ntp.org system is a nice scheme, it's hardly a global necessity. You can fairly easily get a stratum 1 server going on your own infrastructure. IMHO, too much of NTP relies on GPS, but that's a separate matter.

privong9y ago

> IMHO, too much of NTP relies on GPS, but that's a separate matter.

I'm curious to know more. Can you please elaborate or point to some articles discussing this?

toomuchtodo9y ago

https://ntpserver.wordpress.com/2008/09/10/ntp-server-stratu...

http://www.ntp.org/ntpfaq/NTP-s-refclk.htm

TL;DR Most NTP networks are relying on GPS versus a high precision on-site time keeping device. Break GPS, and you break timekeeping for a wide swath of the worldwide NTP pool. But thems the breaks when you can get access to atomic clocks in space (each GPS satellite carries an atomic clock on board) just by sticking an antenna out the window.

If you require precision time for critical business operations (financial transactions, global database operations), you should be running a precision time source locally at your datacenter; for under $20 an attacker could deny you GPS timing.

4 more replies

throwaway4891a9y ago

A side-effect of a 4+ satellite fix is both extremely accurate and extremely precise computation of current time (in addition to location). (GPS sats broadcast time, receivers triangulate.) Some high-quality receivers (Trimble, probably others) attempt to count the number of pseudowavelengths back to the satellite, including relativistic, gravimetric and atmospheric effects. http://www.trimble.com/gps_tutorial/sub_phases.aspx

1 more reply

kijeda9y ago

I thought NTP was a protocol, not a piece of software. Is the article conflating them, or is there only one single implementation of it that everyone relies upon?

notaplumber9y ago

There's OpenNTPD which is maintained by the OpenBSD/OpenSSH developers. It has been poorly criticized for its focus on security rather than absolute precision, but it's more than adequate for most peoples timekeeping needs.

http://www.openntpd.org/

It has privilege separation, sandboxing and if your OS/distribution uses LibreSSL it implements HTTPS constraints.

http://man.openbsd.org/ntpd.conf.5

http://man.openbsd.org/ntpd.8

http://man.openbsd.org/ntpctl.8

PhantomGremlin9y ago

it's more than adequate for most peoples timekeeping needs

Yes it is. I'm on a cable modem and currently using OpenNTPD to talk to 5 NTP servers. My largest offset is currently 3.6 milliseconds. That's fine for general purpose computing. Anyone who needs better should probably buy some NTP or PTP hardware for his LAN.

jerdfelt9y ago

There is NTP the protocol[1], and there is NTP the implementation[2].

While the implementation is popular, there are alternatives. There is also OpenNTPd, chrony and ntimed for instance.

There are also alternatives to the NTP protocol too, such as PTP and SNTP.

[1]https://www.ietf.org/rfc/rfc5905.txt [2]http://www.ntp.org/

tatersolid9y ago

Don't forget the billion-plus machines out there running Windows Time Service (which strangely has had zero security issues I can remember, even when running in server mode).

1 more reply

JdeBP9y ago

... and TAICLOCK.

* http://cr.yp.to/proto/taiclock.txt

contingencies9y ago

If you care that much about accuracy you should take a look at https://en.wikipedia.org/wiki/Precision_Time_Protocol ... "IEEE 1588 is designed for local systems requiring accuracies beyond those attainable using NTP".

hannob9y ago

Surprised that the whole piece didn't mention roughtime, a timesetting protocol developed by Adam Langley with much better security properties (NTP basically has no security): https://www.imperialviolet.org/2016/09/19/roughtime.html

notaplumber9y ago

> NTP is buried so deeply in the infrastructure that practically everyone reaps the project’s benefits for free.

The most common embedded NTP implementation is probably busybox, being used on Linux routers/modems/etc.. is actually based on OpenNTPD.

https://git.busybox.net/busybox/tree/networking/ntpd.c

AznHisoka9y ago

why dont dns servers provide this capability? seems like they are the most centralized of all the online services.

PeterWhittaker9y ago

The problem isn't the service being provided, that's well handled. The problem is that the development team is woefully underfunded, incapable of keeping up with maintenance, security fixes, new design, documentation, testing, etc.

viraptor9y ago

DNS is cached aggressively. As in, there is no "do not ever cache this" flag really. And even if there was, it there are multiple solutions actively ignoring the TTL hints. And caching is one thing you do not want when asking for time.

rhizome9y ago

Separation of concerns.

informatimago9y ago

The alternatives are most certainly as much underfounded as the mentioned project.

hga9y ago

Classic NTP is hardly the only game in town. For example, see the NTPsec work in progress: https://www.ntpsec.org/ which I'll probably transition to someday, maybe even get an el-cheapo GPS receiver now that I'm not effectively living in a basement.

And I've personally be using chrony for a while, although my needs are significantly less than whatever level of accuracy it provides. There are some other clients out there as well, such as OpenBSD's OpenNTPD, although I have a vague memory of it having issues of precision, congruent with the distribution's focus on security.

throwbsidbdk9y ago

My biggest issue with NTP is little control over who runs the servers. Unlike the CA system that has checks in place against bad actors, practically anyone can run an NTP pool.

It was discovered a while ago for example that some part of the Linux default NTP servers are run by shodan. So when your machine gets the time it lets shodan know you've got a server running so they can port scan you.

It would be stupid not to run a bunch of NTP servers if you wanted a to run a bot net. A free list of every running Linux server and countless IoT devices! Without having to actively scan IP space at all

lgas9y ago

NTP is more analogous to an SMTP server, HTTP server or any of the other myriad servers anyone can run on the internet with absolutely no vetting. The CA system is something different entirely. If you're confident that an NTP server is safe, don't use it. The same you would do with a potentially malicious website.

sliken9y ago

NTP is hierarchical. If you run a large organization generally you run a few NTP servers that talk to the internet. Then you setup your local nodes to talk to your NTP servers.

So it's hardly "a list of every running linux server".

ploxiln9y ago

Hmm does ntpsec only test their website with Chrome? Firefox says "Secure Connection Failed ... The OCSP server suggests trying again later." I guess that's one of the reasons Chrome TLS devs say online (looked-up on-demand) certificate revocation is useless.

j / k navigate · click thread line to collapse

31 comments

mmagin9y ago

privong9y ago

> IMHO, too much of NTP relies on GPS, but that's a separate matter.

I'm curious to know more. Can you please elaborate or point to some articles discussing this?

toomuchtodo9y ago

https://ntpserver.wordpress.com/2008/09/10/ntp-server-stratu...

http://www.ntp.org/ntpfaq/NTP-s-refclk.htm

4 more replies

throwaway4891a9y ago

1 more reply

kijeda9y ago

I thought NTP was a protocol, not a piece of software. Is the article conflating them, or is there only one single implementation of it that everyone relies upon?

notaplumber9y ago

http://www.openntpd.org/

It has privilege separation, sandboxing and if your OS/distribution uses LibreSSL it implements HTTPS constraints.

http://man.openbsd.org/ntpd.conf.5

http://man.openbsd.org/ntpd.8

http://man.openbsd.org/ntpctl.8

PhantomGremlin9y ago

it's more than adequate for most peoples timekeeping needs

jerdfelt9y ago

There is NTP the protocol[1], and there is NTP the implementation[2].

While the implementation is popular, there are alternatives. There is also OpenNTPd, chrony and ntimed for instance.

There are also alternatives to the NTP protocol too, such as PTP and SNTP.

[1]https://www.ietf.org/rfc/rfc5905.txt [2]http://www.ntp.org/

tatersolid9y ago

Don't forget the billion-plus machines out there running Windows Time Service (which strangely has had zero security issues I can remember, even when running in server mode).

1 more reply

JdeBP9y ago

... and TAICLOCK.

* http://cr.yp.to/proto/taiclock.txt

contingencies9y ago

hannob9y ago

notaplumber9y ago

> NTP is buried so deeply in the infrastructure that practically everyone reaps the project’s benefits for free.

The most common embedded NTP implementation is probably busybox, being used on Linux routers/modems/etc.. is actually based on OpenNTPD.

https://git.busybox.net/busybox/tree/networking/ntpd.c

AznHisoka9y ago

why dont dns servers provide this capability? seems like they are the most centralized of all the online services.

PeterWhittaker9y ago

viraptor9y ago

rhizome9y ago

Separation of concerns.

informatimago9y ago

The alternatives are most certainly as much underfounded as the mentioned project.

hga9y ago

throwbsidbdk9y ago

My biggest issue with NTP is little control over who runs the servers. Unlike the CA system that has checks in place against bad actors, practically anyone can run an NTP pool.

lgas9y ago

sliken9y ago

NTP is hierarchical. If you run a large organization generally you run a few NTP servers that talk to the internet. Then you setup your local nodes to talk to your NTP servers.

So it's hardly "a list of every running linux server".

ploxiln9y ago

j / k navigate · click thread line to collapse