There are what appears to be a statistically significant number of reports this week of possible anomalies with NTP timekeeping in various parts of the net. Given how fundamental NTP is to many things -- including many types of authentication -- it would seem to be a good idea to set your "is there something wrong with NTP" bit, such that you're keeping an eye on the issue. If you have monitoring on your NTP servers; watch it. If you have monitoring, but not on your NTP servers, perhaps that would be a good project for the short week. If you don't have any network monitoring at all, let me recommend Munin, Cacti, and Nagios, in that order, of packages I have experience with, and I hear good things about Zabbix, too. Remember: "I can't log in" and "I get this weird error when going to a secure website" are top-drawer indications that your timebase may be off. Followups to -discussion, please. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
On Nov 20, 2012, at 11:05 AM, Jay Ashworth <jra@baylink.com> wrote:
There are what appears to be a statistically significant number of reports this week of possible anomalies with NTP timekeeping in various parts of the net.
Just to slightly correct and focus this - other than an unconfirmed GPS report, everything I have seen reported so far either publicly or privately confirmed to be syncing with the USNO servers tick or tock when problems manifested. This appears - so far - to have been of limited scope. Widespread, because of tick and tock's popularity and (as Leo Bicknell noted elsewhere) widespread use of too few upstream servers in local configurations. But not widespread among the stratum 1 servers set. George William Herbert Sent from my iPhone
----- Original Message -----
From: "George Herbert" <george.herbert@gmail.com>
On Nov 20, 2012, at 11:05 AM, Jay Ashworth <jra@baylink.com> wrote:
There are what appears to be a statistically significant number of reports this week of possible anomalies with NTP timekeeping in various parts of the net.
Just to slightly correct and focus this - other than an unconfirmed GPS report, everything I have seen reported so far either publicly or privately confirmed to be syncing with the USNO servers tick or tock when problems manifested. This appears - so far - to have been of limited scope. Widespread, because of tick and tock's popularity and (as Leo Bicknell noted elsewhere) widespread use of too few upstream servers in local configurations. But not widespread among the stratum 1 servers set.
And indeed, another contributor points out this piece: https://isc.sans.edu/diary.html?n&storyid=14548 Perhaps I spake too soon. Sorry, folks. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
It's probably worth noting that GPS isn't directly dependent on the functionality of tick and tock... Tick and tock were unreachable for about 8 hours or so back around the 4th of July after the windstorms in that area too. It's good practice to sync to multiple timeservers to avoid single points of failure. -Bill
On Nov 20, 2012, at 11:05 AM, Jay Ashworth <jra@baylink.com> wrote:
There are what appears to be a statistically significant number of reports this week of possible anomalies with NTP timekeeping in various parts of the net.
Just to slightly correct and focus this - other than an unconfirmed GPS report, everything I have seen reported so far either publicly or privately confirmed to be syncing with the USNO servers tick or tock when problems manifested. This appears - so far - to have been of limited scope. Widespread, because of tick and tock's popularity and (as Leo Bicknell noted elsewhere) widespread use of too few upstream servers in local configurations. But not widespread among the stratum 1 servers set.
George William Herbert Sent from my iPhone _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Some information on the NTP weirdness from SANS: http://isc.sans.edu/diary.html?storyid=14548&rss -----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of George Herbert Sent: Tuesday, November 20, 2012 2:20 PM To: Jay Ashworth Cc: outages@outages.org Subject: Re: [outages] Possible NTP attacks? On Nov 20, 2012, at 11:05 AM, Jay Ashworth <jra@baylink.com> wrote:
There are what appears to be a statistically significant number of reports this week of possible anomalies with NTP timekeeping in various parts of the net.
Just to slightly correct and focus this - other than an unconfirmed GPS report, everything I have seen reported so far either publicly or privately confirmed to be syncing with the USNO servers tick or tock when problems manifested. This appears - so far - to have been of limited scope. Widespread, because of tick and tock's popularity and (as Leo Bicknell noted elsewhere) widespread use of too few upstream servers in local configurations. But not widespread among the stratum 1 servers set. George William Herbert Sent from my iPhone _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
participants (4)
-
Al Berg -
Bill Wichers -
George Herbert -
Jay Ashworth