Great Circle Associates Firewalls
(November 1995)
 


Subject: NTP spoofing
From: John Pettitt <jpp @ software . net>
Date: Thu, 30 Nov 1995 09:22:48 -0800
To: firewalls @ greatcircle . com

NTP spoofing is going to be hard.  Firstly, as was commented, it's not an
instant sync up - the system adjusts slowly in most cases (sudden jumps do
happen but only after a considerable period of error).  The other issue
that makes it hard is you'd have to spoof all the servers used (well, more
than half anyway).  xntpd discards clocks that are deemed unreliable by
virtue of being a long way outside the basket of times or having a lot of
jitter.

ntpq on my mail server gives a good example:

Of 14 hosts(*) one is unreachable, 6 are discarded due to sanity checks,
three are chopped from the list and 5 are used.  To spoof all of them for
enough time to make a difference *and* keep real packets from getting in is
going to be tough.

(*) a mix of external and internal (but synced from different external) hosts.

John Pettitt
jpp @ software . net
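
The "more than half" point in the message above, shown as an added example that is not part of the original post and is not xntpd source: a simplified interval-intersection selection in the style NTP uses to reject falsetickers. Server names, offsets and root distances are constructed sample values, and the 300-second shift is an assumption chosen only to make the outliers obvious.

```python
# Added illustration: simplified NTP-style intersection (falseticker) selection.
# Not xntpd source; server names, offsets and distances below are constructed.

def select_truechimers(samples):
    """samples: list of (name, offset_s, root_distance_s).
    Returns (low, high, survivors), or None if no majority agrees."""
    n = len(samples)
    edges = []
    for _, off, dist in samples:
        edges.append((off - dist, -1))   # lower end of correctness interval
        edges.append((off + dist, +1))   # upper end
    edges.sort()
    # Tolerate f falsetickers, but only while f < n/2 (a majority must agree).
    for f in range((n + 1) // 2):
        need = n - f
        low = _first_reaching(edges, need, -1)
        high = _first_reaching(reversed(edges), need, +1)
        if low is not None and high is not None and low <= high:
            survivors = [name for name, off, dist in samples
                         if off + dist >= low and off - dist <= high]
            return low, high, survivors
    return None

def _first_reaching(edges, need, opening):
    """Scan endpoints; return the first value where `need` intervals overlap."""
    depth = 0
    for value, kind in edges:
        depth += 1 if kind == opening else -1
        if depth >= need:
            return value
    return None

# Constructed sample: five servers within a few ms of each other.
HONEST = [("s1", 0.002, 0.020), ("s2", -0.004, 0.020), ("s3", 0.001, 0.020),
          ("s4", 0.006, 0.020), ("s5", -0.003, 0.020)]

def with_spoofed(samples, k, shift=300.0):
    """Return a copy where the first k servers report an offset of `shift` seconds."""
    return [(n, shift, d) if i < k else (n, o, d)
            for i, (n, o, d) in enumerate(samples)]

if __name__ == "__main__":
    for k in range(4):
        print(k, "spoofed ->", select_truechimers(with_spoofed(HONEST, k)))
```

With up to two of the five sources shifted, only the unshifted servers survive selection; the result changes only once three of five agree on the shifted time, and an even split with no majority yields no selection at all.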

