Successfully reported this slideshow.
You’ve unlocked unlimited downloads on SlideShare!
• Since 1985;
• David L. Mills.
• Latest version:4.2.8p10 Released on: 2017/03/21
• Stratum 0: atomic clocks, GPS or other
• Stratum 1: computers whose system time
is synchronized to within a few
• Stratum 2: synchronized over a network
to stratum 1
• synchronized to stratum 2 servers
• upper limit for stratum is 15; stratum 16
is used to indicate that a device is
• Windows win32time service NTP server
• Linux-> ntpd NTP server
Why do I need to think about NTP?
• Accurate timestamping is key to root-cause analysis, intrusion analysis
• one-time password protocols
• Kerberos( Active directory, LDAP, SSL)
• DNS cache flushing
• Glimpse of replay attack: common example of this sort of attack is
where people sniff the signatures from car remote locking systems
and then replay them to open the doors
Attacks on NTP so far
• Denial of service
• Distributed denial of service
• Information disclosure
• Buffer overflow
• Note: Vulnerabilities identified till Jan 2017
2 mins before Demo!!
• monlist is a debugging command that allows to retrieve information
from the monitoring facility about traffic associated with the NTP