Re: [TICTOC] new threat for time protocols
Brian Haberman <brian@innovationslab.net> Thu, 13 November 2014 21:02 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 874F31AD503 for <tictoc@ietfa.amsl.com>; Thu, 13 Nov 2014 13:02:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YINUp5EUQOfj for <tictoc@ietfa.amsl.com>; Thu, 13 Nov 2014 13:02:15 -0800 (PST)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D48F1AD4F4 for <tictoc@ietf.org>; Thu, 13 Nov 2014 13:02:15 -0800 (PST)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 56671880E7 for <tictoc@ietf.org>; Thu, 13 Nov 2014 13:02:15 -0800 (PST)
Received: from dhcp-b7dc.meeting.ietf.org (t2001067c03700176418729ae24b9ddcf.wireless-a.v6.meeting.ietf.org [IPv6:2001:67c:370:176:4187:29ae:24b9:ddcf]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 319E913681FA for <tictoc@ietf.org>; Thu, 13 Nov 2014 13:02:15 -0800 (PST)
Message-ID: <54651C50.6050008@innovationslab.net>
Date: Thu, 13 Nov 2014 16:02:08 -0500
From: Brian Haberman <brian@innovationslab.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tictoc@ietf.org
References: <1850082ffe334c9091e18026d75c062c@AMSPR03MB440.eurprd03.prod.outlook.com> <bd8585b6d2f94671986a7be2fe94dd48@AMSPR03MB440.eurprd03.prod.outlook.com>
In-Reply-To: <bd8585b6d2f94671986a7be2fe94dd48@AMSPR03MB440.eurprd03.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="r3Bu8vTumGHUuFcsLpkVt8WSgplwofmUR"
Archived-At: http://mailarchive.ietf.org/arch/msg/tictoc/URWc6_y3S9hsaRJ00FJFXPQ8mvM
Subject: Re: [TICTOC] new threat for time protocols
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Nov 2014 21:02:18 -0000
Hi Yaakov, On 11/13/14 3:46 PM, Yaakov Stein wrote: > Just to clarify (several people have emailed me off-line) > this is not a threat to the timing service, > it is a threat to the infrastructure made possible because of the timing traffic. > > In that sense it is similar to the NTP DDoS attack. Can you explain more? I am not sure how it is similar to the DDoS attack. Yes, you can analyze the traffic and discover the addresses of the devices on the network, but that is not an active attack like the DDoS one. Regards, Brian
- [TICTOC] new threat for time protocols Yaakov Stein
- Re: [TICTOC] new threat for time protocols Yaakov Stein
- Re: [TICTOC] new threat for time protocols Brian Haberman