There have been a number of reported problems of network time server misuse or
abuse. This article discusses some of the reported NTP time server abuse incidents
and describes NTP configuration methods that can reduce such problems. Many
reported incidents appear to stem from equipment manufacturer configuration
errors rather than malice.
Many NTP server misuse issues have arisen from client configuration errors,
particularly in consumer electronic equipment. Because of the volume of consumer
electronic equipment manufactured and in use, any configuration issue in
equipment that accesses NTP time servers can greatly magnify problems. Clients
with configuration errors or firmware bugs that repeatedly query a network time
server can overload that server once a large number of such clients are in
operation.
In another, separate NTP server abuse case, an Internet NTP time server was
being swamped by ever larger volumes of requests for time. It was initially
thought that this was an attack on the server. However, the amount of traffic
continued to rise over time rather than decrease. It was eventually found that
home router equipment from a large manufacturer had the NTP server's IP address
hard-coded in the product's firmware. Each router in operation was contacting the
server at regular intervals in an attempt to synchronise time, and the volume of
devices in operation eventually overloaded the server.
Usually, the server simply drops NTP requests that are denied access. Occasionally,
however, a firmer response is required: the time server can explicitly tell the
client to stop sending by means of a special message. A packet has been defined
for this purpose, called the 'kiss-o'-death' (KoD) packet. Kiss codes can convey
useful information to an intelligent client. The packet carries short character
strings, easily read in log files, that explain why service was denied. When a
client receives a kiss-o'-death packet, it should stop sending to that particular
server and locate an alternative server, if one is available. If no alternative
server is available, the client should wait for an exponentially increasing time
before retrying the server.
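The client behaviour described above, worked through as an added example that is not part of the original article. It parses a 48-byte NTP response, recognises a kiss-o'-death packet (stratum 0 with a printable four-character kiss code in the reference identifier field, as defined in RFC 5905), and applies the policy just described: stop on DENY or RSTR, lengthen the poll interval on RATE, fall back to another server, and back off exponentially when no server remains. The packets, server names, class and function names, and the poll and cap values are all constructed for illustration and are not taken from any real product or the article.

```python
import struct

NTP_PACKET_LEN = 48
MODE_SERVER = 4  # NTP mode field value for a server response


def build_response(stratum, refid, version=4, mode=MODE_SERVER):
    """Construct a minimal 48-byte NTP response (constructed test data, not a capture).

    Layout per RFC 5905: LI/VN/Mode, stratum, poll, precision (4 bytes), root delay
    and root dispersion (8 bytes), reference identifier (4 bytes), four 64-bit
    timestamps (32 bytes). Timestamps are left zeroed; only the fields the kiss
    logic inspects are populated.
    """
    li_vn_mode = (0 << 6) | (version << 3) | mode
    header = struct.pack("!BBBb", li_vn_mode, stratum, 6, -20)
    return header + b"\x00" * 8 + refid + b"\x00" * 32


def parse_kiss_code(packet):
    """Return the kiss code (e.g. 'RATE') if the packet is a kiss-o'-death, else None.

    A KoD packet is a server-mode response with stratum 0 whose reference identifier
    holds a printable ASCII code. Anything else is treated as a normal reply.
    """
    if len(packet) < NTP_PACKET_LEN:
        raise ValueError("short NTP packet")
    mode = packet[0] & 0x07
    stratum = packet[1]
    if mode != MODE_SERVER or stratum != 0:
        return None
    refid = packet[12:16]
    if all(0x20 <= b < 0x7F for b in refid):
        return refid.decode("ascii")
    return None


class NtpClientPolicy:
    """Per-server polling policy that honours kiss-o'-death packets (hypothetical client)."""

    def __init__(self, servers, min_poll=64, max_poll=1024, retry_cap=3600):
        self.servers = list(servers)
        self.poll = {s: min_poll for s in servers}  # current poll interval in seconds
        self.blocked = set()                        # servers that told us to stop
        self.max_poll = max_poll
        self.min_poll = min_poll
        self.retry_cap = retry_cap
        self.retry_attempts = 0                     # consecutive retries with no server

    def handle_response(self, server, packet):
        """Apply the kiss code in a response and report what the client should do."""
        code = parse_kiss_code(packet)
        if code is None:
            self.retry_attempts = 0  # a usable reply resets the no-server backoff
            return "ok"
        if code in ("DENY", "RSTR"):
            # Access denied or restricted: stop sending to this server entirely.
            self.blocked.add(server)
            return "stop"
        if code == "RATE":
            # Polling too fast: double the interval for this server, up to the cap.
            self.poll[server] = min(self.poll[server] * 2, self.max_poll)
            return "backoff"
        # Unrecognised kiss code: treat it as a reason to stop, which is the safe side.
        self.blocked.add(server)
        return "stop"

    def poll_interval(self, server):
        return self.poll[server]

    def next_server(self):
        """Pick the first server not blocked by a kiss-o'-death, or None if none remain."""
        for s in self.servers:
            if s not in self.blocked:
                return s
        return None

    def retry_delay(self):
        """Seconds to wait before retrying when no alternative server is available.

        Doubles on each consecutive call (64, 128, 256, ...) and is capped so the
        client neither hammers a server nor waits forever.
        """
        delay = min(self.min_poll * (2 ** self.retry_attempts), self.retry_cap)
        self.retry_attempts += 1
        return delay
```

Run stand-alone, `parse_kiss_code(build_response(0, b"RATE"))` returns `'RATE'`, while a stratum 2 reply whose reference identifier is an IPv4 address returns `None`, so an upstream server's address is never mistaken for a kiss code. A real client would additionally check the origin timestamp of the reply against the request it sent before trusting any field, but that is outside the kiss-code handling illustrated here.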