[Outages-discussion] Time protocol vulnerabilities

jrk1231-outml at nym.hush.com jrk1231-outml at nym.hush.com
Mon Nov 19 23:28:58 EST 2012


The NTP issue today is 'interesting.' I've always considered NTP as
highly vulnerable to attack. Messing with NTP is also a good way to
help obfuscate logs to hide an attack. :-)

However, I don't believe that NTP is where our real risk is today with
time protocols. What really really really scares me is PTP (IEEE
1588). It is was designed to sync with very high precision various
industrial processes. It also has other time critical applications as
well, such as audio-video lip sync. 

It is the industrial environment that is what I'm seriously concerned
about. Since parts of PTP are often implemented in Ethernet SPIs,
firmware bugs and bad designs are not easy (read, impossible) to fix.
I've seen demonstrations where a single PTP packet is all that is
required to completely desync time. That is, a single rogue packet
could easily cause a serious industrial accident (think, Bhopal).

My $0.02 worth.

Jon Kibler
--
Jon R. Kibler
+001-843-813-2924

--
Jon R. Kibler
+001-843-813-2924
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20121119/543a0d39/attachment.html>


More information about the Outages-discussion mailing list