Tel: +44 (0) 1902 897400
Fax: +44 (0) 870 123 1844
   

The Misuse and Abuse of NTP Server Systems

Network Time Protocol (NTP) is a standard Internet protocol for the dissemination of time around a computer network. The protocol operates in a hierarchical manner, each level or stratum serving the next level in the hierarchy. At the top of the hierarchical structure is a stratum 1 NTP server that synchronises to an external time and frequency reference. Many stratum 1 NTP servers reside on the Internet and are used for synchronising network time clients.

There have been a number of reported problems of network time server misuse or abuse. This article discusses some of the reported NTP time server abuse incidents and describes NTP configuration methods that can reduce such problems. Most incidents seem to have occurred due to manufacturer configuration issues rather than malicious intent.

Many NTP server misuse issues have arisen from client configuration errors, particularly in consumer electronic equipment. Because of the volume of consumer electronic equipment manufactured and in use, any configuration issue in equipment that accesses NTP time servers can be greatly magnified. Typically, clients with configuration errors or firmware bugs that cause repeated access to a network time server can cause server loading problems when a large number of clients are involved.

A recent high-profile incident of consumer electronic equipment causing NTP server problems was with consumer router equipment. Home router devices were accessing stratum 1 Internet time servers and flooding them with requests for time. Many NTP time server administrators noticed a large increase in traffic and server loading. Many stratum 1 NTP servers have an access policy that forbids anything other than a stratum 2 server from requesting time. Home router equipment should not therefore directly access a stratum 1 time server.

In a separately reported network time server misuse case, an Internet-based NTP server was being bombarded by ever-increasing volumes of traffic. It was initially thought that this was due to an attack on the server. However, the amount of traffic continued to rise over time rather than decrease. Eventually, it was found that a number of router devices manufactured by a well-known network equipment manufacturer had the IP address of the time server hard-coded into the routers' firmware. Each router in operation was contacting the server at regular intervals in an attempt to synchronise time. The volume of devices in operation eventually overloaded the server.

NTP implements a general-purpose restricted-use policy based on address masks. Access to an NTP time server can be limited to IP addresses that fall within a specified range or that fit a specified address mask. Alternatively, clients can be excluded by explicitly including them in a restriction list. Rogue clients can therefore be denied access to the NTP server by explicitly restricting them.

Usually, the server drops NTP requests that are denied access. However, occasionally a harsher response is required. The server can respond with a message explicitly requesting the client to cease sending. A special packet has been created for this purpose called the ‘kiss-o-death’ packet. Kiss codes can convey useful information to an intelligent client. The character string codes are designed for easy viewing in log files and convey denial of service messages. When a client receives a ‘kiss-o-death’ packet, it should stop sending to a particular server and locate an alternative server, if available. If no alternative server is available, the client should delay for an exponentially increasing time before retrying the server.
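The restriction list and the kiss-o-death exchange described in the two paragraphs above, as an added Python example (not code from this article or from any NTP implementation). The addresses, the action names, the function names, the rule that the most specific entry wins, the 64-second base delay and the one-day cap are assumptions made here; the packet layout is the standard 48-byte NTP header.

```python
import ipaddress
import struct

# Constructed restriction list (documentation addresses). The action names
# "serve", "drop" and "kod" are labels chosen for this example.
RESTRICTIONS = [
    ("0.0.0.0", "0.0.0.0", "drop"),            # default: no access
    ("192.0.2.0", "255.255.255.0", "serve"),    # permitted address range
    ("192.0.2.77", "255.255.255.255", "kod"),   # rogue client: tell it to stop
]

def decide(client_ip, rules=RESTRICTIONS):
    """Assumption: the most specific matching address/mask entry wins."""
    addr = ipaddress.ip_address(client_ip)
    best_len, best_action = -1, "drop"
    for net, mask, action in rules:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and network.prefixlen > best_len:
            best_len, best_action = network.prefixlen, action
    return best_action

def build_kod(code=b"DENY"):
    """Server side: 48-byte NTPv4 header with LI=3, mode 4 (server),
    stratum 0 and the ASCII kiss code in the reference ID field."""
    first = (3 << 6) | (4 << 3) | 4
    return struct.pack("!BBbbII4s", first, 0, 6, -20, 0, 0, code) + bytes(32)

def kiss_code(packet):
    """Client side: return the kiss code of a kiss-o-death reply, else None."""
    if len(packet) < 48 or packet[0] & 0x7 != 4 or packet[1] != 0:
        return None
    return packet[12:16].decode("ascii", "replace")

def next_delay(previous, base=64, ceiling=86400):
    """Retry delay in seconds: doubles on every kiss, capped at one day."""
    return base if previous == 0 else min(previous * 2, ceiling)

def on_reply(packet, servers, current, delay):
    """Return (server to use, delay before next request, kiss code seen)."""
    code = kiss_code(packet)
    if code is None:
        return current, 0, None            # normal reply: carry on
    others = [s for s in servers if s != current]
    if others:
        return others[0], 0, code          # switch to an alternative server
    return current, next_delay(delay), code  # none left: back off
```

A client that ignores the kiss code and keeps polling at its normal interval is exactly the behaviour that produced the overload incidents described earlier.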

Biography:
D. Evans is a technical author with a background in network time server solutions, reference clocks and telecommunications devices. David Evans provides a technical authoring service to NTP time server manufacturers. Dave has also provided a configuration, installation and repair service for computer time synchronisation systems.

 

 

Copyright © 2002-2012 TimeTools. All Rights Reserved. All Trademarks Acknowledged.