Home / Blogs

NTP: The Most Neglected Core Internet Protocol

The Internet of today is awash with networking protocols, but at its core lies a handful that fundamentally keep the Internet functioning. From my perspective, there is no modern Internet without DNS, HTTP, SSL, BGP, SMTP, and NTP.

Of these most important Internet protocols, NTP (Network Time Protocol) is the likely least understood and has the least attention and support. Until very recently, it was supported (part-time) by just one person—Harlan Stenn.  My own alarm bells rang after reading Cory Doctorow’s article over at Boing Boing who described the project as being marginally supported and “had lost the root passwords to the machine where the source code was maintained (so that machine hadn’t received security updates in many years), and that machine ran a proprietary source-control system that almost no one had access to, so it was very hard to contribute to”.

Just about all secure communication protocols and server synchronization processes require that they have their internal clocks set the same. NTP is the protocol that allows all this to happen.

A member of the Network Time Foundation (the fiscal sponsors of NTP) reached out to me to dispute Doctorow’s assertion that the root passwords had been lost and points out that a team have been performing security audits and testing via several methods for many years. That’s great news and helps settle some of the fears that further advancements of NTP will stall. It’s too critical for that to happen.

ICEI and CACR have gotten involved with supporting NTP and there are several related protocol advancements underway to increase security of such vital component of the Internet. NTS (Network Time Security), currently in draft version with the Internet Engineering Task Force (IETF), aims to give administrators a way to add security to NTP and promote secure time synchronization.

While there have been remarkably few exploitable vulnerabilities in NTP over the years, the recent growth of DDoS botnets (such as Mirai) utilizing NTP Reflection Attacks shone a new light on its frailties and importance.

Some relevant stories on the topic of how frail and vital NTP has become, and what’s being done to improve the situation can be found at:

Time is Running Out for NTP
NTP: the rebirth of ailing, failing core network infrastructure
The internet’s core infrastructure is dangerously unsupported and could crumble (but we can save it!)
Security updates to NTP

Editor’s Note: This post was updated to include comments from Network Time Foundation.

By Gunter Ollmann, CTO, Security (Cloud and Enterprise) at Microsoft

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global