[Full-Disclosure] Re: Fwd: Re: FullDisclosure: Security aspects of time synchronization infrastructure
gadgeteer at elegantinnovations.org
gadgeteer at elegantinnovations.org
Sun Aug 22 16:25:09 BST 2004
On Fri, Aug 20, 2004 at 10:26:08AM +0400, 3APA3A (3APA3A at SECURITY.NNOV.RU) wrote:
[...]
> you state:
>
> If there is a host with reliable time on the network (that is host
> synchronized with some hardware source, like radio clocks, cesium
> clocks, GPS clocks, etc) - whole network will be finally, after some
> time, synchronized with this host.
>
> Depending upon the criticality of the time sensitive applications on
> the network, you might want to reconsider the use of "radio clocks"
> and especially "GPS clocks". These time sources are also subject to
> attacks. Any free air broadcast is subject to jamming. This is
> essentially a DoS. Spoofing to provide incorrect time signal is also
> possible with free air broadcast, but less easy to do.
[...]
For a fixed installation detecting if someone is dinking the gps signal
is trivial. The unit starts thinking it is not in Kansas anymore.
--
Chief Gadgeteer
Elegant Innovations
Full-Disclosure is hosted and sponsored by Secunia.