On Oct 24, 2010, at 4:48 PM, Matthew Petach wrote:

> On Sun, Oct 24, 2010 at 8:34 AM, Brandon Kim <brandon....@brandontek.com>
> wrote:
>>
>> Hey guys:
>>
>> I wanted to open up this question regarding NTP server. I recalled someone
>> had created a posting of this quite a while back.
>> From a service provider/ISP standpoint, does anyone think that having a
>> local NTP server is really necessary?
>>
>> I've asked some of my fellow engineers at work and many of them give me the
>> same response, "Can't we just use free ones out on the internet?"
>
> Depends on how much you trust other people.
> NTP can potentially be used as a DoS vector by your upstream clocks,
> if you're not running your own.
>
> I've seen 50,000 servers panic in the blink of an eye when the NTP source
> issued a leap second, and the kernel wasn't patched to handle it properly;
> and that's a forward leap second. Nobody's tested reverse leap seconds
> yet; who knows what would happen to your hosts if your upstream NTP
> servers decided to issue a reverse leap second towards you?
Negative leap seconds are certainly possible, and 20 years ago (when I was
working for the USNO Directorate of Time) I thought that the currents down in
the core might be going to give us a few; I have often wondered how many
systems would choke on this.

Regards
Marshall

> Granted, if
> you choose enough diverse upstream clocks, that becomes more difficult
> for someone to exploit; but it's not impossible, and you can't count on
> keeping your upstream clock sources secret, given the bidirectional
> communication that can take place between NTP servers.
>
> *shrug* It's cheap enough to run your own clock sources, once you're
> above a certain size, and it's one less potential attack vector from the
> outside; why wouldn't you want to secure your edge against it?
>
> Matt
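Two points in Matt's message are checkable on the wire: the leap second an upstream is about to "issue" is announced in the two Leap Indicator bits of every NTP reply (LI=1 for a positive leap second, LI=2 for a negative one), and polling several diverse upstreams lets you outvote a single clock that is lying or misbehaving. The script below is an added example written for this page, not code from anyone in the thread: it builds an NTPv4 client request, parses replies, reports which servers carry a leap warning, and computes each server's offset per RFC 5905 so that any server whose offset disagrees with the median of the others is flagged. The server names, timestamps and replies in `constructed_observations()` are constructed so the example runs offline; `query()` is the only function that touches the network. The 128 ms outlier threshold is an assumption borrowed from ntpd's default step threshold.

```python
"""Added example (not from the thread): decode NTP leap-indicator bits and
cross-check offsets across several upstream clocks."""
import socket
import statistics
import struct
import time

NTP_PORT = 123
NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
PACKET = "!BBBbIIIQQQQ"     # 48-byte NTPv4 header layout (RFC 5905)

LEAP_MEANING = {
    0: "no warning",
    1: "positive leap second: last minute of the day has 61 s",
    2: "negative leap second: last minute of the day has 59 s",
    3: "clock unsynchronized",
}


def unix_to_ntp(t):
    seconds = int(t) + NTP_UNIX_DELTA
    fraction = int((t - int(t)) * 2**32)
    return (seconds << 32) | fraction


def ntp_to_unix(ts64):
    return (ts64 >> 32) - NTP_UNIX_DELTA + (ts64 & 0xFFFFFFFF) / 2**32


def build_client_request(t1):
    """Mode-3 request; our send time T1 goes in the transmit field so the server echoes it."""
    header = (0 << 6) | (4 << 3) | 3  # LI=0, VN=4, mode=3 (client)
    return struct.pack(PACKET, header, 0, 0, 0, 0, 0, 0, 0, 0, 0, unix_to_ntp(t1))


def parse_reply(data):
    if len(data) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(PACKET, data[:48])
    return {
        "leap": f[0] >> 6,                  # LI bits: what the kernel acts on at midnight UTC
        "version": (f[0] >> 3) & 7,
        "mode": f[0] & 7,                   # 4 = server reply
        "stratum": f[1],                    # 0 = kiss-o'-death, 16 = unsynchronized
        "originate_ts": ntp_to_unix(f[8]),  # T1: our transmit time, echoed back
        "receive_ts": ntp_to_unix(f[9]),    # T2: server receive time
        "transmit_ts": ntp_to_unix(f[10]),  # T3: server transmit time
    }


def make_reply(leap, stratum, t1, t2, t3):
    """Constructed server reply so the example runs with no network access."""
    header = (leap << 6) | (4 << 3) | 4  # mode 4 = server
    ref_id = 0x47505300                  # "GPS\0" reference identifier (constructed)
    return struct.pack(PACKET, header, stratum, 6, -20, 0, 0, ref_id,
                       unix_to_ntp(t2), unix_to_ntp(t1), unix_to_ntp(t2), unix_to_ntp(t3))


def assess(observations, max_deviation=0.128):
    """observations: list of (name, reply_bytes, t4) with t4 = our receive time.
    Offset per RFC 5905 is ((T2 - T1) + (T3 - T4)) / 2. A server whose offset
    differs from the median by more than max_deviation is an outlier: with several
    diverse upstreams, one wrong clock is outvoted rather than followed."""
    offsets, leap_warnings, unusable = {}, {}, []
    for name, data, t4 in observations:
        r = parse_reply(data)
        if r["mode"] != 4 or r["leap"] == 3 or r["stratum"] == 0 or r["stratum"] >= 16:
            unusable.append(name)
            continue
        if r["leap"] in (1, 2):
            leap_warnings[name] = r["leap"]
        offsets[name] = ((r["receive_ts"] - r["originate_ts"]) + (r["transmit_ts"] - t4)) / 2
    median = statistics.median(offsets.values()) if offsets else None
    outliers = [n for n, o in offsets.items() if abs(o - median) > max_deviation]
    return {"offsets": offsets, "median": median, "leap_warnings": leap_warnings,
            "unusable": unusable, "outliers": outliers}


def query(server, timeout=2.0):
    """Live exchange with one server; returns (reply_bytes, t4). Needs network access."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_client_request(t1), (server, NTP_PORT))
        data, _ = s.recvfrom(512)
    return data, time.time()


def constructed_observations():
    """Four constructed upstreams: two agree, one is ~5 s fast, one is unsynchronized."""
    t1 = 1700000000.0  # constructed client send time
    return [
        ("clock-a", make_reply(0, 2, t1, t1 + 0.010, t1 + 0.011), t1 + 0.020),
        ("clock-b", make_reply(2, 1, t1, t1 + 0.012, t1 + 0.013), t1 + 0.024),  # negative leap warning
        ("clock-c", make_reply(0, 2, t1, t1 + 5.010, t1 + 5.011), t1 + 0.020),  # about 5 s fast
        ("clock-d", make_reply(3, 16, t1, t1 + 0.010, t1 + 0.011), t1 + 0.020),  # LI=3, stratum 16
    ]


if __name__ == "__main__":
    result = assess(constructed_observations())
    for name, leap in result["leap_warnings"].items():
        print(f"{name}: {LEAP_MEANING[leap]}")
    print("unusable:", result["unusable"], "outliers:", result["outliers"])
```

To run it against real upstreams, replace `constructed_observations()` with `[(h, *query(h)) for h in hosts]`; a server that shows up in `leap_warnings` days ahead of a month end is the one whose announcement your kernels will act on, and a server that lands in `outliers` is the one you do not want as a sole source.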