Re: [chrony-users] NTP bogus timestamps - Chrony on openSUSE 15.1




On Thu, 22 Aug 2019, Stuart Longland wrote:

> On 22/8/19 12:00 am, James Knott wrote:
>> The calculations based on those time stamps
>> were meant to determine that latency and correct for it.
>
> As I understand it, the server doesn't care and simply round-trips it.
> The client does the RTT calculations and adjusts accordingly.

Yes.

> It is also a crude way to authenticate the response -- since the client
> presumably knows what it sent, if it gets a "spoofed" reply from a

The client HAS to know what it sent, since that is the index into the list
linking time-sent in the packet to time-actually-sent. ntp already dumps any
packet whose packet time is not a time at which it was sent. However, a spoofer
knows what the time is and thus has a very small range of packets with which he
can try to subvert your ntp process. However, the time is something like 128 bits,
and if they are random, then the spoofer simply cannot send out 2^64 = 10^20
packets in an exhaustive attempt to subvert your ntpd. (Even at Gbit ethernet,
it would take about 10^12 sec = 10^5 years to send them.)

> server, this adds a (weak) way to detect this.

Not so weak. It cannot protect against MITM attacks since they can read what
you sent, but it can against blind attacks.

I.e., it is very strong protection against blind attacks.

> --
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
>  ...it's backed up on a tape somewhere.
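
The origin check discussed in this message, as an added example that is not part of the original post and is not chrony's or ntpd's code: the client keys each outstanding request by the 64-bit value it placed in the NTP transmit field and drops any reply whose origin field does not match. `OriginTracker`, `server_reply`, the 4-second timeout and the fully random transmit value are assumptions of this example.

```python
import secrets
import struct
import time

# 48-byte NTP header: LI/VN/mode, stratum, poll, precision, root delay,
# root dispersion, ref id, then reference/origin/receive/transmit timestamps.
NTP_HDR = struct.Struct("!BBbbII4s8s8s8s8s")
ZERO_TS = b"\0" * 8

class OriginTracker:
    """Links the transmit field of each outstanding request to its real send time."""

    def __init__(self, timeout=4.0):
        self.pending = {}        # transmit field (8 bytes) -> local send time
        self.timeout = timeout   # seconds (assumed value)

    def build_request(self, now=None):
        nonce = secrets.token_bytes(8)   # unpredictable 64-bit transmit field
        self.pending[nonce] = time.monotonic() if now is None else now
        return NTP_HDR.pack((4 << 3) | 3, 0, 0, 0, 0, 0, b"\0" * 4,
                            ZERO_TS, ZERO_TS, ZERO_TS, nonce)  # NTPv4, mode 3

    def accept_reply(self, packet, now=None):
        """Return the local send time for a genuine reply, or None to drop it."""
        now = time.monotonic() if now is None else now
        if len(packet) < NTP_HDR.size:
            return None
        fields = NTP_HDR.unpack(packet[:NTP_HDR.size])
        mode, origin = fields[0] & 0x7, fields[8]
        if mode != 4:                                # only server-mode replies
            return None
        if origin not in self.pending:               # blind spoof: leaves state intact
            return None
        sent_at = self.pending.pop(origin)           # one-shot, so a replay is dropped
        return sent_at if now - sent_at <= self.timeout else None

def server_reply(request, origin=None):
    """Constructed server side: echo the client's transmit field as origin."""
    echoed = NTP_HDR.unpack(request)[10] if origin is None else origin
    return NTP_HDR.pack((4 << 3) | 4, 2, 0, -20, 0, 0, b"TEST",
                        ZERO_TS, echoed, ZERO_TS, ZERO_TS)
```

A reply forged without seeing the request fails the lookup and leaves the pending entry in place, so the genuine reply is still accepted afterwards; an on-path attacker who can read the request passes this check, as the message notes.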
