Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library


NTP Best Practices

  • “A lot of the banking applications that we are using now are using one-time passwords that are only valid for a very distinct period of time. If you can mess with what the computer thinks the time is, then you might be able to set up a window of opportunity.”
  • Watch

  • Listen

    Loading Podcast.....
  • Related

    NTP Best Practices Podcast | Related Link SEI Blog Post

  • Abstract

    The network time protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC). NTP servers, long considered a foundational service of the Internet, have more recently been used to amplify large-scale Distributed Denial of Service (DDoS) attacks. While 2016 did not see a noticeable uptick in the frequency of DDoS attacks, the last 12 months have witnessed some of the largest DDoS attacks, according to Akamai's State of the Internet/Security report. One issue that attackers have exploited is abusable NTP servers. In 2014, there were over seven million abusable NTP servers. As a result of software upgrades, repaired configuration files, or the simple fact that ISPs and IXPs have decided to block NTP traffic, the number of abusable servers dropped by almost 99 percent in a matter months, according to a January 2015 article in ACM Queue. But there is still work to be done. It only takes 5,000 abusable NTP servers to generate a DDoS attack in the range of 50-400 Gbps. In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol.

  • Transcript
  • Audio

About the Speaker

  • Timur D. Snoke

    Timur Snoke is a member of the technical staff and the Situational Awareness Team in SEI’s CERT Division.  His primary research focus is identifying gaps in network security capabilities to support the research and development of new sources and methods for network defense.  Prior to joining CERT, Snoke worked in a variety of capacities for ISPs and private companies in the health care, hospitality, financial, and transportation industries. He also worked in secondary and higher education, and in the federal and civilian government sectors.