[pkg-ntp-maintainers] Bug#687166: ntp: NTP security vulnerability because not using authentication by default

[Nico Golde]

Hi,
* none <anotst01 at fastmail.fm> [2012-09-10 15:42]:
[...] 
> An adversary can tamper with the unauthenticated NTP replies and put the users
> time several years back, especially, but not limited, if the bios battery or
> hardware clock is defect. That issue becomes more relevant with new devices
> like RP, which do not even have a hardware clock.
> 
> Putting the clock several years back allows an adversary to use already
> revoked, broken, expired certificates; replay old, broken, outdated, known
> vulnerable updates etc.

NTP is certainly subject to spoofing attacks by its nature. I also agree that 
this may be a problem in some settings. Just considering that e.g. kerberos is 
making heavy use of accurate timing. In theory NTP should be robust against 
wrong timing information from single servers. Obviously this doesn't help you, 
if your DNS is also spoofed and you control all NTP servers.

Since NTP does support symmetric/autokey by now, what I really wonder about is
why this is no strict requirement for servers in pool.ntp.org to which 
certainly also our debian ntp vendor zone belongs.

I think it would be desirable to ship default configurations with those keys 
setup.

I CC'ed Ask who is maintaining pool.ntp.org for this discussion.
Ask, is there such a requirement and I missed it or is it not existent?
If not, how realistic is it to change this?

While I don't think this is a critical problem, I'd also love to see this 
changed in future default configurations of the ntp package in Debian.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20120910/7d664172/attachment.pgp>