2. Boring stuffs
• UDP-123
• Oldest
• Since 1985;
• David L. Mills.
• Latest version:4.2.8p10 Released on: 2017/03/21
3. • Stratum 0: atomic clocks, GPS or other
radio clocks
• Stratum 1: computers whose system time
is synchronized to within a few
microseconds
• Stratum 2: synchronized over a network
to stratum 1
• synchronized to stratum 2 servers
• upper limit for stratum is 15; stratum 16
is used to indicate that a device is
unsynchronized
6. • Windows win32time service NTP server
• Linux-> ntpd NTP server
7. Why do I need to think about NTP?
• Accurate timestamping is key to root-cause analysis, intrusion analysis
• one-time password protocols
• Kerberos( Active directory, LDAP, SSL)
• DNS cache flushing
• Glimpse of replay attack: common example of this sort of attack is
where people sniff the signatures from car remote locking systems
and then replay them to open the doors
8. Attacks on NTP so far
• Denial of service
• Distributed denial of service
• Information disclosure
• Buffer overflow
• Note: Vulnerabilities identified till Jan 2017
9. 2 mins before Demo!!
• monlist is a debugging command that allows to retrieve information
from the monitoring facility about traffic associated with the NTP
service.