Regarding Roland’s reference to time and position spoofing via a hacked GPS
signal, the hacker has to get physical line of sight to the victim’s antenna in
order to succeed with this attack. That’s likely within a few blocks, if not
within a few feet. And a rooftop antenna might require a drone
Regarding Roland’s reference to time and position spoofing via a hacked GPS
signal, the hacker has to get physical line of sight to the victim’s antenna in
order to succeed with this attack. That’s likely within a few blocks, if not
within a few feet. And a rooftop antenna might require a drone
Regarding Roland’s reference to time and position spoofing via a hacked GPS
signal, the hacker has to get physical line of sight to the victim’s antenna in
order to succeed with this attack. That’s likely within a few blocks, if not
within a few feet. And a rooftop antenna might require a drone
What about something like this?
http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html
Has anyone used a Pi to create their own server?
On Wed, May 11, 2016 at 3:24 AM, Mel Beckman wrote:
> Regarding Roland’s reference to time and position spoofing via a hacked
> GPS signal, the hacker has to get ph
Building a S1 system with RaspberryPis would not fly in most of the
corporate/enterprise environments I've worked in (random 'appliances',
non-uniformity, and lack of support are all glaring issues).
Get a PCIe card with a BNC connector and dual power supplies for life in a
data center.
For home/
But would you not need to actually spend three times $300 to get a good
redundant solution?
While we are there, why not go all the way and get a rubidium standard
with GPS sync? Anyone know of a (relatively) cheap solution with NTP output?
https://en.wikipedia.org/wiki/Rubidium_standard
Rega
Tue, May 10, 2016 at 04:59:02PM +0200, Stephane Bortzmeyer wrote:
> On Tue, May 10, 2016 at 10:52:28AM -0400,
> valdis.kletni...@vt.edu wrote
> a message of 37 lines which said:
>
> > Note that they *do* have motivation to keep it working, simply
> > because so much of their *own* gear (from g
In a message written on Tue, May 10, 2016 at 08:23:04PM +, Mel Beckman
wrote:
> All because of misplaced trust in a tiny UDP packet that can worm its way
> into your network from anywhere on the Internet.
>
> I say you’re crazy if you don’t run a GPS-based NTP server, especially given
> tha
Can somebody contact me offline from VirginMedia UK regarding a BGP
advertisement for 192.34.50.0/24 originating from AS1849 please
Thanks
Simon
_Everything_ has vulnerabilities and using _any_ external source opens your
network and infrastructure to disruptions. NTP has been used for DDoS
amplification attacks recently, but so has DNS and other well known/heavily
used protocols.
With the right protections, syncing with an external NTP
On 5/10/2016 at 10:30 AM, "Chuck Church" wrote:
>
>It doesn't really. Granted there are a lot of CVEs coming out for
>NTP the
>last year or so. But I just don't think there are that many
>attacks on it.
>It's just not worth the effort. Changing time on devices is more
>an
>annoyance than
This is outside plant related. Ignore if all you do is configure routers
(not that there is anything wrong with that.)
I would be interested in any network provider's experiences with third
party single pole administrator regulatory regimes, such as Connecticut's.
Please respond privately and I wi
Hi,
> Boss: That sounds expensive. How much are we talking?
> IT guy: $300
Beware!
Over the past year we made engineering samples to deploy to datacenters.
The goal was to use GPS and PPS to discipline ntpd appliances and serve
as stratum 1 to other NTP distribution servers without the $5k pric
I hope your receivers aren't all from a single source.
I was in Iraq when this (
http://dailycaller.com/2010/06/01/glitch-shows-how-much-us-military-relies-on-gps/
) happened, which meant I had no GPS guided indirect fire assets for 2
weeks.
On Wed, May 11, 2016 at 8:31 AM, Leo Bicknell wrote:
>
AFAIK being able to do a lawful intercept on a specific, named,
individual's service has been a requirement for providers since 2007. I
have never heard of a provider, big or small, being called out for being
unable to provide this service when requested. I would be surprised if a
national broadb
Andreas,
Most data centers will require a remotely positioned NTP server, which is
actually easier and cheaper than a remotely located active GPS antenna. I have
placed the $300 commercial NTP servers in an environmental box on the roof,
powering t by PoE, without problems.
You don't need a r
Josh,
Read deeper into the thread and you'll find where I sourced inexpensive
RF-based NTP servers using CDMA, GSM, and even WWV. All radically different
technologies that are unlikely to have common failure modes. But yes, buying
different brands can't hurt either.
-mel beckman
> On May 11
In a message written on Tue, May 10, 2016 at 03:00:59PM -0500, Josh Reynolds
wrote:
> This is a large list that includes many Tier 1 network operators,
> government agencies, and Fortune 500 network operators.
>
> The silence should be telling.
NANOG has a strong self-selection for people who r
In a message written on Wed, May 11, 2016 at 09:00:54AM -0500, Josh Reynolds
wrote:
> I hope your receivers aren't all from a single source.
I have 4 each ACTS, GPS, and CDMA in my list, agumented with a pair
of PTP. Amazingly right now all but 3 are within 2 microsconds of
each other, and those
GPS + a cesium or rubidium frequency standard is all you need.
Too expensive? Then time isn't important to your organization.
-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Leo Bicknell
>Sent: Wednesday, May 11, 2016 9:31 AM
>To: nanog@nanog.org
>Subject: Re: NIST NTP servers
>Personally, my network gets NTP from 14 stratum 1 sources right now.
>You, and the hacker, do not know whic
On 5/10/16 21:05, Joe Klein wrote:
Is this group aware of the incident with tock.usno.navy.mil &
tick.usno.navy.mil on November 19. 2012 2107 UTC, when the systems lost 12
years for the period of one hour, then return?
The reasons were not fully explained, but the impact was global. Routers,
s
- Original Message -
> From: "Jared Mauch"
>> Yes, and properly monitor your ntpd instances.
>
> And upgrade them.
>
> Some software distributors don’t ship modern software. if you
> are using a distribution packaged ntpd it’s likely old and
> difficult to determine its lineage due to
- Original Message -
> From: "Mel Beckman"
> Read deeper into the thread and you'll find where I sourced inexpensive
> RF-based
> NTP servers using CDMA, GSM, and even WWV. All radically different
> technologies
> that are unlikely to have common failure modes. But yes, buying different
On Wed, May 11, 2016 at 03:24:43PM +, Jay R. Ashworth wrote:
> We're all aware this project is underway, right?
>
> https://www.ntpsec.org/
Despite the name, I'm not aware of any significant protocol
changes. It's just a recent fork of the reference implementation
minus the refcloc
On Wed, 11 May 2016 15:36:34 -, "Jay R. Ashworth" said:
> CDMA and GSM are false diversity: both network types nodes *get their time*
> from GPS, so far as I know.
I'll make the fairly reasonable assumption that most readers of this list have
networks that span multiple buildings.
If somebod
On 05/11/2016 12:05 AM, Joe Klein wrote:
Is this group aware of the incident with tock.usno.navy.mil &
tick.usno.navy.mil on November 19. 2012 2107 UTC, when the systems lost 12
years for the period of one hour, then return?
...
I remember it like it was only four years ago oh, wait
W
On 05/11/2016 07:46 AM, Baldur Norddahl wrote:
But would you not need to actually spend three times $300 to get a
good redundant solution?
While we are there, why not go all the way and get a rubidium standard
with GPS sync? Anyone know of a (relatively) cheap solution with NTP
output?
Ebay
On Tue, 10 May 2016 17:00:54 -0400, Brian Mengel wrote:
AFAIK being able to do a lawful intercept on a specific, named,
individual's service has been a requirement for providers since 2007.
It's been required for longer than that. The telco I worked for over a
decade ago didn't build the in
* Chris Adams:
> First, out of the box, if you use the public pool servers (default
> config), you'll typically get 4 random (more or less) servers from the
> pool. There are a bunch, so Joe Random Hacker isn't going to have a
> high chance of guessing the servers your system is using.
A determi
No, many cell carriers run their own completely independent timing networks. I
support some head-ends where they have rubidium clocks and a T1-delivered time
source. They do reference GPS, and many cell sites have GPS as a backup clock
(you can see their conical antennas on the very top of the t
On Tue, 10 May 2016, james machado wrote:
First I am thrilled to see older Nanog meetings making it to youtube.
Having said that can the people putting up the files put the Nanog
meeting number in the title of the videos to make it easier to search
and determine relevance?
+1 from me. I also
Cellular carriers also use GPS timing for many reasons that are not readily
apparent at the layer 3 router/IP/BGP network level. One big need is RF
related, back-to-back sector antenna frequency re-use with GPS synced
timing on the remote radio heads, such as an ABAB configuration on a tower
or roo
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
> * Chris Adams:
>
> > First, out of the box, if you use the public pool servers (default
> > config), you'll typically get 4 random (more or less) servers from the
> > pool. There are a bunch, so Joe Random Hacker isn't going to have a
> >
--- m...@beckman.org wrote:
From: Mel Beckman
Accurate time to the millisecond is pretty much
essential for any network troubleshooting. Say
you want to diagnose a SIP problem. You collect
transaction logs from both phones, the VoIP
gateway, and the PBX. Now you try to merge them
to derive
Compared to the scale of the budget of small research projects run by
national intelligence agency sized organizations, you wouldn't have to be
very well funded to run a sizeable proportion of all tor exit nodes with
some degree of plausible deniability...
500 credit cards
500 unique bililng name
Yo Scott!
On Wed, 11 May 2016 17:20:28 -0700
"Scott Weeks" wrote:
> If all logs are sent to a unix server that does
> syslogd the log entries would go into the file
> in order no matter what timestamp is on them.
syslogd can have quite large buffers.
RGDS
GARY
--- g...@rellim.com wrote:
From: "Gary E. Miller"
Yo Scott!
On Wed, 11 May 2016 17:20:28 -0700
"Scott Weeks" wrote:
> If all logs are sent to a unix server that does
> syslogd the log entries would go into the file
> in order no matter what timestamp is on them.
syslogd can have quite larg
Yo Scott!
On Wed, 11 May 2016 17:42:34 -0700
"Scott Weeks" wrote:
> > If all logs are sent to a unix server that does
> > syslogd the log entries would go into the file
> > in order no matter what timestamp is on them.
>
> syslogd can have quite large buffers.
> -
> On May 11, 2016, at 5:42 PM, Scott Weeks wrote:
>
> Wouldn't the buffers empty in a FIFO manner?
They will empty in whatever order the implementation decides to write them.
But what's more important is the order in which the incoming packets are
presented to the syslogd process. If you're l
Well, if you really want to learn about the NTP servers a target is using
you can always just sent them a regular NTP timing query (mode 3) and just
read off the IP address in the reference ID field of the response (mode 4).
Reference ID reveals the target that the client is sync'd to.
If you do
With the caveat that if some of the servers are inside your own private
network then learning who the servers are might be less useful.
But this could be an issue for targets who use servers that are exclusively
on the public internet.
On Wed, May 11, 2016 at 3:15 PM, Sharon Goldberg wrote:
> W
A note on using a Raspberry Pi as a NTP server. In my limited home lab
testing the RPi server had enough instability that Internet time sources
were always preferred by my workstation after ntpd had been running for a
while. Presumably this was due to the RPi's clock frequency drifting. At
some poi
maybe try with an odroid?
On May 11, 2016 8:45 PM, "Jon Meek" wrote:
> A note on using a Raspberry Pi as a NTP server. In my limited home lab
> testing the RPi server had enough instability that Internet time sources
> were always preferred by my workstation after ntpd had been running for a
> wh
Wed, May 11, 2016 at 05:20:28PM -0700, Scott Weeks wrote:
> --- m...@beckman.org wrote:
>> From: Mel Beckman
>>
>> Accurate time to the millisecond is pretty much
>> essential for any network troubleshooting. Say
>> you want to diagnose a SIP problem. You collect
>> transaction logs from both
On Wed, 11 May 2016 17:23:31 -0700, Eric Kuhnke said:
> average of $150/mo x 500 = $75,000
Id worry more about the fact that somebody is willing to spend $75K/mo to
attack me than the fact that it might be possible to wiggle my time base a bit.
At that point, you *really* have to worry about othe
Sharon Goldberg writes:
> Well, if you really want to learn about the NTP servers a target is using
> you can always just sent them a regular NTP timing query (mode 3) and just
> read off the IP address in the reference ID field of the response (mode 4).
Unless the server is an IPv6 server. This
Harlan Stenn writes:
> Sharon Goldberg writes:
> > Well, if you really want to learn about the NTP servers a target is using
> > you can always just sent them a regular NTP timing query (mode 3) and just
> > read off the IP address in the reference ID field of the response (mode 4).
>
> Unless the
48 matches
Mail list logo
