== Security concerns ==
{{See also|NTP server misuse and abuse}}
Because adjusting system time is generally a privileged operation, part or all of the NTP code has to run with some privileges in order to support its core functionality. Only a few other security problems have been identified in the reference implementation of the NTP codebase, but those that appeared in 2009{{which|date=July 2022}} were cause for significant concern.<ref name="8pJKT">{{cite web |url=http://support.ntp.org/security |title=Security Notice |website=Support.NTP.org |date=2009-12-10 |access-date=2011-01-12 }}{{Dead link|date=November 2023 |bot=InternetArchiveBot |fix-attempted=yes }}</ref><ref name="DoZBy">{{cite web |url=https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-ntp |title=Cisco IOS Software Network Time Protocol Packet Vulnerability |date=23 September 2009 |publisher=[[Cisco Systems]] |access-date=11 June 2020 |archive-url=https://web.archive.org/web/20200611155551/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090923-ntp |archive-date=11 June 2020 |url-status=live}}</ref> The protocol has been undergoing revision and review throughout its history.

The codebase for the reference implementation has undergone security audits from several sources for several years.<ref name="ZD0x6">{{cite web|url=http://support.ntp.org/Main/CodeAudit |title=Code Audit |website=Support.NTP.org |date=2009-06-13 |access-date=2011-01-12}}</ref> A [[stack buffer overflow]] exploit was discovered and patched in 2014.<ref name="m0CJK">{{cite web |url=https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 |title=Network Time Protocol Vulnerabilities (Update C) | ICS-CERT |publisher=Ics-cert.us-cert.gov |access-date=2015-04-15 |archive-url=https://web.archive.org/web/20141220002022/https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 |archive-date=2014-12-20 |url-status=live}}</ref> [[Apple Inc.|Apple]] was concerned enough about this vulnerability that it used its auto-update capability for the first time.<ref name="zg08P">{{cite web | url=https://arstechnica.com/apple/2014/12/apple-automatically-patches-macs-to-fix-severe-ntp-security-flaw/ | title=Apple automatically patches Macs to fix severe NTP security flaw | publisher=arstechnica | date=Dec 23, 2014 | access-date=Apr 29, 2015 | last=Cunningham | first=Andrew | archive-url=https://web.archive.org/web/20150415002211/http://arstechnica.com/apple/2014/12/apple-automatically-patches-macs-to-fix-severe-ntp-security-flaw/ | archive-date=April 15, 2015 | url-status=live}}</ref> On systems using the reference implementation, which runs with the root user's credentials, this could allow unlimited access.

Some other implementations, such as [[OpenNTPD]], have a smaller code base and have adopted other mitigation measures such as privilege separation, and are not subject to this flaw.<ref name="PW78Z">{{cite web | url=http://www.i-programmer.info/news/149-security/8120-ntp-the-latest-open-source-security-problem.html | title=NTP The Latest Open Source Security Problem | publisher=I Programmer | date=23 December 2014 | last=Fairhead | first=Harry | access-date=24 December 2014 | archive-url=https://web.archive.org/web/20141224071634/http://www.i-programmer.info/news/149-security/8120-ntp-the-latest-open-source-security-problem.html | archive-date=24 December 2014 | url-status=dead}}</ref> A 2017 security audit of three NTP implementations, conducted on behalf of the Linux Foundation's Core Infrastructure Initiative, suggested that both NTP<ref name="VBrX5">''[http://support.ntp.org/bin/view/Main/SecurityNotice NTP SecurityNotice Page] {{Webarchive|url=https://web.archive.org/web/20140219093152/http://support.ntp.org/bin/view/Main/SecurityNotice |date=2014-02-19}}''</ref><ref name="T0ZbX">''[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Antp&cpe_product=cpe%3A%2F%3A%3Antp NVD NIST Product Search NTP]''</ref> and NTPsec<ref name="YK5og">''[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Antpsec&cpe_product=cpe%3A%2F%3A%3Antpsec NVD NIST Product Search NTPsec] {{Webarchive|url=https://web.archive.org/web/20200626160445/https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Antpsec&cpe_product=cpe%3A%2F%3A%3Antpsec |date=2020-06-26}}''</ref> were more problematic than chrony<ref name="rPdf5">''[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Atuxfamily&cpe_product=cpe%3A%2F%3A%3Achrony NVD NIST Product Search Chrony] {{Webarchive|url=https://web.archive.org/web/20200626200844/https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Atuxfamily&cpe_product=cpe%3A%2F%3A%3Achrony |date=2020-06-26}}''</ref> from a security standpoint.<ref name="nPXeu">{{cite web |url=https://www.linuxfoundation.org/blog/cii-audit-identifies-secure-ntp-implementation/ |archive-url=https://web.archive.org/web/20180203195701/https://www.linuxfoundation.org/blog/cii-audit-identifies-secure-ntp-implementation/ |archive-date=2018-02-03 | title=CII Audit Identifies Most Secure NTP Implementation |publisher=The Linux Foundation |date=September 28, 2017 |access-date=2019-07-03}}</ref>

NTP servers can be susceptible to [[man-in-the-middle attack]]s unless packets are cryptographically signed for authentication.<ref name="cGifv">{{cite IETF | rfc=5906 | title=Network Time Protocol Version 4: Autokey Specification | publisher=IETF | date=June 2010}}</ref> The computational overhead involved can make this impractical on busy servers, particularly during [[denial of service]] attacks.<ref name="7a6Kk">{{cite web | url=http://www.eecis.udel.edu/~mills/security.html | title=NTP Security Analysis | access-date=11 October 2013 | archive-url=https://web.archive.org/web/20130907040625/http://www.eecis.udel.edu/%7emills/security.html | archive-date=7 September 2013 | url-status=dead}}</ref> NTP message [[Spoofing attack|spoofing]] from a man-in-the-middle attack can be used to alter clocks on client computers and allow a number of attacks based on bypassing cryptographic key expiration.<ref name="OcBCA">{{cite web | url=https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf | title=Bypassing HTTP Strict Transport Security | date=2014-10-16 | access-date=2014-10-16 | author=Jose Selvi | archive-url=https://web.archive.org/web/20141018053055/https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf | archive-date=2014-10-18 | url-status=dead}}</ref> Some of the services identified as affected by fake NTP messages are [[Transport Layer Security|TLS]], [[DNSSEC]], various caching schemes (such as DNS cache), [[Border Gateway Protocol]] (BGP), Bitcoin{{Citation needed|reason=the whole point of PoW is to avoid timestamps, this does not makes sense|date=April 2022}} and a number of persistent login schemes.<ref name="CjQpl">{{Cite journal | url=http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf | title=Attacking the Network Time Protocol | author1=Aanchal Malhotra | author2=Isaac E. Cohen | author3=Erik Brakke | author4=Sharon Goldberg | name-list-style=amp | date=20 October 2015 | journal=NDSS | archive-url=https://web.archive.org/web/20151022140151/http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf | archive-date=22 October 2015 | url-status=dead | access-date=27 October 2015}}</ref><ref name="PglM9">{{Cite web | title = Attacking the Network Time Protocol | url = http://www.cs.bu.edu/~goldbe/NTPattack.html | website = www.cs.bu.edu | access-date = 2015-10-27 | archive-url = https://web.archive.org/web/20151024172618/http://www.cs.bu.edu/~goldbe/NTPattack.html | archive-date = 2015-10-24 | url-status = dead}}</ref>

NTP has been used in [[distributed denial of service attack]]s.<ref name="ElmaH">{{cite web |last=Goodin |first=Dan |url=https://arstechnica.com/security/2014/01/new-dos-attacks-taking-down-game-sites-deliver-crippling-100-gbps-floods/ |title=New DoS attacks taking down game sites deliver crippling 100Gbps floods |website=Ars Technica |date=2014-01-13 |access-date=2014-01-25 |archive-url=https://web.archive.org/web/20140124074451/http://arstechnica.com/security/2014/01/new-dos-attacks-taking-down-game-sites-deliver-crippling-100-gbps-floods/ |archive-date=2014-01-24 |url-status=live}}</ref><ref name="Eb0sO">{{cite web |last=Lee |first=Dave |url=https://www.bbc.co.uk/news/technology-26136774 |title=Huge Hack 'Ugly Sign of Future' for Internet Threats |publisher=BBC |date=2014-02-11 |access-date=2014-02-12 |archive-url=https://web.archive.org/web/20140211175533/http://www.bbc.co.uk/news/technology-26136774 |archive-date=2014-02-11 |url-status=live}}</ref> A small query is sent to an NTP server with the return [[IP address spoofing|IP address spoofed]] to be the target address. Similar to the [[DNS amplification attack]], the server responds with a much larger reply, which allows an attacker to substantially increase the amount of data being sent to the target. To avoid participating in such an attack, NTP server software can be upgraded or servers can be configured to ignore external queries.<ref name="wkYHy">{{cite web|url=http://support.ntp.org/bin/view/Main/SecurityNotice#April_2010_DRDoS_Amplification_A|title=DRDoS / Amplification Attack using ntpdc monlist command|website=support.NTP.org|date=2010-04-24|access-date=2014-04-13|archive-url=https://web.archive.org/web/20140330131447/http://support.ntp.org/bin/view/Main/SecurityNotice#April_2010_DRDoS_Amplification_A|archive-date=2014-03-30|url-status=live}}</ref>

=== Secure extensions ===
NTP itself includes support for authenticating servers to clients. NTPv3 supports a [[symmetric key]] mode, which is not useful against MITM. The [[public key]] system known as "autokey" in NTPv4, adapted from [[IPSec]], offers useful authentication,<ref name="cGifv"/> but is not practical for a busy server.<ref name="7a6Kk"/> Autokey was also later found to suffer from several design flaws,<ref>{{Cite conference|url=https://www.ietf.org/proceedings/83/slides/slides-83-tictoc-1.pdf|title=Analysis of NTP's Autokey Protocol|author1=Dieter Sibold|author2=Stephen Röttger|conference=IETF 83|date=2012}}</ref> with no correction published, save for a change in the [[message authentication code]].{{Ref RFC|8573}} Autokey should no longer be used.{{ref RFC|8633|section=4.2}}

'''Network Time Security''' (NTS) is a secure version of NTPv4 with [[Transport Layer Security|TLS]] and [[Authenticated encryption|AEAD]].<ref>{{Cite web|title=nts.time.nl homepage|url=https://nts.time.nl/|access-date=2021-08-19|website=nts.time.nl}}</ref> The main improvement over previous attempts is that a separate "key establishment" server handles the heavy asymmetric cryptography, which needs to be done only once. If that server goes down, previous users would still be able to fetch time without fear of MITM.{{Ref RFC|8915}} NTS is supported by several NTP servers, including [[Cloudflare]] and [[Netnod]].<ref>{{Cite web|last=Langer|first=Martin|date=2019-12-05|title=Setting up NTS-Secured NTP with NTPsec|url=https://weberblog.net/setting-up-nts-secured-ntp-with-ntpsec/|access-date=2021-08-19|website=Weberblog.net|language=en-US}}</ref><ref>{{Cite web|title=How to use NTS {{!}} Netnod|url=https://www.netnod.se/time-and-frequency/how-to-use-nts|access-date=2021-08-19|website=Netnod}}</ref> It can be enabled on {{Proper name|chrony}}, NTPsec, and ntpd-rs.<ref>{{cite web |date=13 August 2024 |title=Network Time Security · Cloudflare Time Services docs |url=https://developers.cloudflare.com/time-services/nts/ |access-date=12 January 2025 |website=developers.cloudflare.com |language=en}}</ref>

Microsoft also has an approach to authenticate NTPv3/SNTPv4 packets using a [[Windows domain]] identity, known as MS-SNTP.<ref>{{cite web | url=https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sntp/8106cb73-ab3a-4542-8bc8-784dd32031cc | title=[MS-SNTP]: Network Time Protocol (NTP) Authentication Extensions | date=24 June 2021 }}</ref> This system is implemented in the reference ntpd and chrony, using [[Samba (software)|samba]] for the domain connection.<ref name="comparison">{{Cite web|title=Comparison of NTP implementations|url=https://chrony.tuxfamily.org/comparison.html|publisher=chrony.tuxfamily.org|accessdate=2019-10-08}}</ref>
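As an added illustration of the amplification behaviour described above (example code written for this section, not from the NTP project or any cited source): the detector below decodes the LI/VN/Mode byte of NTP payloads, separates time-sync traffic (modes 1 to 5) from the ntpq/ntpdc query modes (6 and 7) that the "ignore external queries" mitigation blocks, and reports clients whose query traffic draws back far more bytes than it sent. The packet samples and addresses are constructed for the example; field layouts follow RFC 5905.

```python
from collections import defaultdict

# Association modes from the 3-bit Mode field of the first NTP byte (RFC 5905 §7.3)
MODE_NAMES = {1: "symmetric_active", 2: "symmetric_passive", 3: "client",
              4: "server", 5: "broadcast", 6: "control", 7: "private"}

def parse_ntp_header(payload: bytes) -> dict:
    """Decode LI (2 bits), VN (3 bits) and Mode (3 bits) from byte 0.
    For modes 6 and 7 the top bits carry response/more flags rather than LI."""
    if not payload:
        raise ValueError("empty NTP payload")
    b0 = payload[0]
    return {"li": b0 >> 6, "version": (b0 >> 3) & 0x7, "mode": b0 & 0x7,
            "mode_name": MODE_NAMES.get(b0 & 0x7, "reserved")}

def is_query_to_restrict(payload: bytes) -> bool:
    """Mode 6 (ntpq control) and mode 7 (ntpdc private) packets are the
    ones a 'noquery'-style restriction drops; time sync needs only modes 1-5."""
    return parse_ntp_header(payload)["mode"] in (6, 7)

def amplification_report(packets, threshold: float = 10.0) -> dict:
    """packets: iterable of (client_ip, server_ip, direction, payload) where
    direction is 'req' (client->server) or 'resp' (server->client).
    Returns {client_ip: (req_bytes, resp_bytes, ratio)} for clients whose
    mode 6/7 queries produced replies at least `threshold` times larger.
    A spoofed source means client_ip is the reflection victim, not the sender."""
    stats = defaultdict(lambda: [0, 0])
    for client, _server, direction, payload in packets:
        if not is_query_to_restrict(payload):
            continue
        stats[client][0 if direction == "req" else 1] += len(payload)
    report = {}
    for client, (req_bytes, resp_bytes) in stats.items():
        if req_bytes and resp_bytes / req_bytes >= threshold:
            report[client] = (req_bytes, resp_bytes, round(resp_bytes / req_bytes, 1))
    return report

# Constructed sample payloads (not captured traffic); only byte 0 matters here
NORMAL_REQ = bytes([0x23]) + bytes(47)      # LI=0, VN=4, mode 3 (client), 48 bytes
NORMAL_RESP = bytes([0x24]) + bytes(47)     # LI=0, VN=4, mode 4 (server), 48 bytes
PRIVATE_REQ = bytes([0x17]) + bytes(47)     # VN=2, mode 7 (ntpdc private), 48 bytes
PRIVATE_RESP = bytes([0x97]) + bytes(439)   # response bit set, mode 7, 440 bytes

SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.1", "req", NORMAL_REQ),
    ("198.51.100.7", "192.0.2.1", "resp", NORMAL_RESP),
    ("203.0.113.5", "192.0.2.1", "req", PRIVATE_REQ),   # source address is spoofed
] + [("203.0.113.5", "192.0.2.1", "resp", PRIVATE_RESP)] * 5

if __name__ == "__main__":
    print(amplification_report(SAMPLE_PACKETS))  # flags 203.0.113.5 at ~45.8x
```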