The Misuse and Abuse of NTP Server Systems
- Date: 2007-05-22 - Word Count: 557
Share This!
Network Time Protocol (NTP) is a standard Internet protocol for the dissemination of time around a computer network. The protocol operates in a hierarchical manner, each level or stratum serving the next level in the hierarchy. At the top of the hierarchical structure is a stratum 1 NTP server that synchronises to an external time and frequency reference. Many stratum 1 NTP servers reside on the Internet and are used for synchronising network time clients.
There have been a number of reported problems of network time server misuse or abuse. This article discusses some of the reported NTP time server abuse incidents and describes NTP configuration methods that can reduce such problems. Most incidents seem to have occurred due to manufacturer configuration issues rather than malicious intent.
Many NTP server misuse issues have arisen from client configuration errors, particularly in consumer electronic equipment. Due to the volume of consumer electronic equipment manufactured and in-use, any configuration issues with equipment that access NTP time servers can greatly magnify problems. Typically, clients with configuration errors or firmware bugs that cause repeated access to a network time server can cause server loading problems when a large number of clients are involved.
A recent high-profile incident of consumer electronic equipment causing NTP server problems was with consumer router equipment. Home router devices were accessing stratum 1 Internet time servers and flooding them with requests for time. Many NTP time server administrators noticed a large increase in traffic and server loading. Many stratum 1 NTP servers have an access policy that forbids anything other than a stratum 2 server from requesting time. Home router equipment should not therefore directly access a stratum 1 time server.
In a separately reported network time server misuse case, an Internet based NTP server was being bombarded by ever-increasing volumes of traffic. It was initially thought that this was due to an attack on the server. However, the amount of traffic continued to rise over time rather than decrease. Eventually, it was found that a number of router devices manufactured by a well-known network equipment manufacturer had hard-coded the IP address of the time server into the routers firmware. Each router in operation was contacting the server at regular intervals in an attempt to synchronise time. The volume of devices in operation eventually overloaded the server.
The NTP protocol implements a rather general-purpose address mask restricted use policy. This allows only IP addresses within a specified range or that fit a specified address mask access to a NTP time server. Alternatively, clients can be excluded from access by explicitly including them in a restriction list. Rogue clients can therefore be excluded access to the NTP server by explicitly restricting access.
Usually, the server drops NTP requests that are denied access. However, occasionally a harsher response is required. The server can respond with a message explicitly requesting the client to cease sending. A special packet has been created for this purpose called the 'kiss-o-death' packet. Kiss codes can convey useful information to an intelligent client. The character string codes are designed for easy viewing in log files and convey denial of service messages. When a client receives a 'kiss-o-death' packet, it should stop sending to a particular server and locate an alternative server, if available. If no alternative server is available, the client should delay for an exponentially increasing time before retrying the server.
There have been a number of reported problems of network time server misuse or abuse. This article discusses some of the reported NTP time server abuse incidents and describes NTP configuration methods that can reduce such problems. Most incidents seem to have occurred due to manufacturer configuration issues rather than malicious intent.
Many NTP server misuse issues have arisen from client configuration errors, particularly in consumer electronic equipment. Due to the volume of consumer electronic equipment manufactured and in-use, any configuration issues with equipment that access NTP time servers can greatly magnify problems. Typically, clients with configuration errors or firmware bugs that cause repeated access to a network time server can cause server loading problems when a large number of clients are involved.
A recent high-profile incident of consumer electronic equipment causing NTP server problems was with consumer router equipment. Home router devices were accessing stratum 1 Internet time servers and flooding them with requests for time. Many NTP time server administrators noticed a large increase in traffic and server loading. Many stratum 1 NTP servers have an access policy that forbids anything other than a stratum 2 server from requesting time. Home router equipment should not therefore directly access a stratum 1 time server.
In a separately reported network time server misuse case, an Internet based NTP server was being bombarded by ever-increasing volumes of traffic. It was initially thought that this was due to an attack on the server. However, the amount of traffic continued to rise over time rather than decrease. Eventually, it was found that a number of router devices manufactured by a well-known network equipment manufacturer had hard-coded the IP address of the time server into the routers firmware. Each router in operation was contacting the server at regular intervals in an attempt to synchronise time. The volume of devices in operation eventually overloaded the server.
The NTP protocol implements a rather general-purpose address mask restricted use policy. This allows only IP addresses within a specified range or that fit a specified address mask access to a NTP time server. Alternatively, clients can be excluded from access by explicitly including them in a restriction list. Rogue clients can therefore be excluded access to the NTP server by explicitly restricting access.
Usually, the server drops NTP requests that are denied access. However, occasionally a harsher response is required. The server can respond with a message explicitly requesting the client to cease sending. A special packet has been created for this purpose called the 'kiss-o-death' packet. Kiss codes can convey useful information to an intelligent client. The character string codes are designed for easy viewing in log files and convey denial of service messages. When a client receives a 'kiss-o-death' packet, it should stop sending to a particular server and locate an alternative server, if available. If no alternative server is available, the client should delay for an exponentially increasing time before retrying the server.
Related Tags: ntp server, time server, gps ntp server, windows ntp server, windows time server, digital wall clock, atomic clock, time synchronisation, gps clock, gps time, time synchronization, ntp time server, digital clock, gps time server, network time server
D. Evans is a technical author with a background in NTP time server solutions, reference clocks and telecommunications devices. Click here to find out more about network time server solutions. Your Article Search Directory : Find in Articles
Recent articles in this category:
- Using Keywords Effectively For an SEO Campaign
Keyword research is one of the most crucial parts of an SEO campaign. If you end up choosing the wro - Search Engine Optimization Copywriting Tips
SEO copywriting is not as technical as it sounds but is different from traditional copywriting for t - 3 Tips to Make Money Using Videos
For the last five years video has been a real success in the internet. Now you can find video in alm - Is Social Media Networking Your Next Strategy For Your Online Marketing?
When you try to work on online promotion and online marketing, social media especially social media - Submitting a URL of Your Website
People who make a website usually do research on how to improve not only the quality of their websit - 5 Bad Habits of Article Marketing
There are many ways to advertise your company but having a highly ranked website is the best. Most p - Facts About SEO Services Company
SEO services companies are becoming very popular in the internet marketing world but there are some - 4 Ways Search Engine Optimization Can Be So Powerful
Whether you are an affiliate marketer, small businessman or a large organization, your first step wh - A List of 3 Options For Internet Business
The trend of making money through online business has become trendy now a day. People are shifting t - Getting the Best Affiliate Products For Your Site
Making money online was never so difficult before. There are numerous ways through which you can mak
Most viewed articles in this category:
- The Revolutionized Ebay Etailsolution Software
With the help of eBay, the auction business has received a new meaning. With the help of the many eB - Internet Millions - by Ryan Orrell - Honest Review
REVIEW: "Internet Millions", by Ryan Orrell, is a refreshing new kind of internet marketing e-bo - A Google Adsense Addiction
54% of all Google Adsense publishers admit addiction to click income. A recent online study conducte - Lead Generation for Top Residual Income
At the heart of any good residual income business is a person who knows how to generate leads. Lead - Make Money With Information Ebook Products: The Other End
I don't like thinking of myself as the kind of person that has made it rich on the internet, but in - Repeat Business Equals a Residual Income Stream
Residual income comes from other people reacting to a single action by the business owner. What bet - The NFL & United Way
There are many ways that NFL players help with the United Way. First of all, they donate a lot of th - Seo - Making Money Writing Seo Reviews
If you are a reviewer or critic you are likely to find work writing reviews of products and services - Understanding Perfume Types
Understanding the various varieties of perfume can help to cut through the difficulty in selecting a - Ecommerce Basics: Three Things To Avoid
When you decide to put your ecommerce website together there are a few mistakes that are easy to mak