Great Circle Associates Firewalls
(April 1997)

Subject: Re: xntpd and gauntlet 3.2
From: Arley Carter <ac @ twinds . com>
Date: Tue, 8 Apr 1997 10:01:54 -0400 (EDT)
To: Todd Graham Lewis <lists @ reflections . eng . mindspring . net>
Cc: "firewalls(a)greatcircle.com" <firewalls @ GreatCircle . COM>
In-reply-to: <Pine . LNX . 3 . 96 . 970407184320 . 15924A-100000 @ reflections . eng . mindspring . net>

On Mon, 7 Apr 1997, Todd Graham Lewis wrote:
> On Fri, 4 Apr 1997, Arley Carter wrote:
> > On the inadvisability of passing udp through a firewall
> 
> Agreed.  If you're super-paranoid, then you can shell out the US$200 for a
> GPS receiver and make yourself into a stratum-1 server.  (If you do this,
> you should do it outside the firewall, offer stratum-1 services to others,
> and make your firewall a stratum-2 server, using ntp's builtin
> cryptographic authentication.) 
> 
> And to whoever said that you shouldn't use time-based cryptography, there
> are well-respected cryptosystems which rely on accurate time info on both
> client and server to eliminate replay attacks and other time-based hacks.
> To dismiss them merely because they require accurate time info is silly.
> 
From ac @ hawk Tue Apr  8 09:46:48 1997
Date: Mon, 7 Apr 1997 16:09:01 -0400 (EDT)
From: Arley Carter <ac @ hawk>
To: "Button, Dave" <Dave . Button @ GSC . GTE . Com>
Subject: RE: UDP considered harmful? (was: xntpd and gauntlet 3.2)

On Mon, 7 Apr 1997, Button, Dave wrote:
> 
> The quote was specific to OUR situation, though I understand that UDP 
> may be dangerous in situations where RPC is used. More specifically, I 
> was concerned about spoofing attacks that would negate having accurate 
> time, and the problems with relying on outside servers providing 
> claimed stratum 1 accuracy. We are in the certification authority 
> business and so we must avoid the appearance of evil as well as evil 
> itself.
> 
This brings up an interesting question about the xntpd protocol.  As I 
understand the algorithm xntp uses, it chooses the "best" time from one 
of all the servers selected.  This is based upon dispersion around a 
mean time.  Outliers are discarded.  

So: let's assume you pick 6 external servers at random (3 is the 
recommended minimum).  To serve bogus time to your xntpd daemon and have 
it believed, the attacker would have to corrupt the time servers for a 
majority of the servers that you have chosen at random.  Otherwise, the 
attacker's time stamps would be thrown out of the time selection process 
because it is a divergent time.  

I would say then that the possibility of an attacker being able to launch 
a successful attack using this method is therefore quite small.

If someone can demonstrate this is not true, please chime in.

Cheers:
-arc

Arley Carter
Tradewinds Technologies, Inc.
Winston-Salem, NC  USA
email: ac @ twinds . com
www: http://www.twinds.com
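A simplified model of the majority argument in the message above, added here as an example and not part of the original thread or of xntpd itself: NTP's clock-selection (intersection) step keeps only servers whose offset intervals overlap a majority cluster, so a minority of falsetickers is discarded, while a corrupted majority is believed. All offsets and dispersions below are constructed.

```python
# Reduced form of NTP's clock-selection (intersection) step, RFC 1305 style,
# without the midpoint bookkeeping. Each server contributes the interval
# [offset - dispersion, offset + dispersion]; only the largest mutually
# overlapping set that is still a majority survives, the rest are falsetickers.

def intersection(samples):
    """Return the survivors among (offset, dispersion) pairs, [] if no majority agrees."""
    n = len(samples)
    edges = []
    for offset, disp in samples:
        edges.append((offset - disp, -1))   # interval opens here
        edges.append((offset + disp, +1))   # interval closes here
    edges.sort()
    # Tolerate f falsetickers only while the remaining n - f is still a strict majority.
    for f in range((n + 1) // 2):
        need = n - f
        low = high = None
        count = 0
        for x, kind in edges:                # sweep left to right, count open intervals
            count -= kind
            if count >= need:
                low = x
                break
        count = 0
        for x, kind in reversed(edges):      # sweep right to left
            count += kind
            if count >= need:
                high = x
                break
        if low is not None and high is not None and low <= high:
            return [(o, d) for o, d in samples if o - d <= high and o + d >= low]
    return []

def select_offset(samples):
    """Combine the survivors into one offset (plain mean here; NTP weights by quality)."""
    survivors = intersection(samples)
    if not survivors:
        return None              # no majority cluster: refuse to step the clock
    return sum(o for o, _ in survivors) / len(survivors)

# Constructed sample data: four honest servers a few ms apart, plus attacker-controlled
# servers all claiming the clock is about an hour ahead.
GOOD = [(0.010, 0.020), (-0.005, 0.015), (0.003, 0.010), (0.012, 0.025)]
BOGUS = [(3600.0, 0.010), (3600.2, 0.010)]
BOGUS_CLUSTER = [(3600.0, 0.3), (3600.2, 0.3), (3600.1, 0.3), (3600.15, 0.3)]

if __name__ == "__main__":
    print("2 of 6 corrupted:", select_offset(GOOD + BOGUS))              # ~0.005
    print("4 of 6 corrupted:", select_offset(GOOD[:2] + BOGUS_CLUSTER))  # ~3600.1
```

With two of six servers corrupted the bogus pair never joins a majority cluster and is dropped; with four of six corrupted and agreeing with each other, the honest pair is what gets dropped, which is exactly the majority requirement the message describes.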