Prevention of NTP reflection attacks using TTM systems
Dear colleagues, During the evening of Wednesday 8 January, the RIPE NCC received initial reports about the abuse of some of our Test Traffic Measurement (TTM) systems, specifically about the use of NTP in reflection attacks. Within 24 hours of receiving the first report, we adapted the NTP configuration on all our TTM hosts so that this specific type of attack is no longer possible using the TTM infrastructure. We would like to thank Gert Doering (SpaceNet) and Michael Hausding (SWITCH-CERT) for reporting the abuse to us. We’d also like to share this resource about securing NTP servers that you may find useful: http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html We are taking this opportunity to remind you that we are nearing end of service for TTM. As we announced previously, TTM shutdown is scheduled for the end of Q1, 2014. RIPE Atlas, and specifically RIPE Atlas anchors, will provide much of the functionality of TTM. More details, including information about hosting a RIPE Atlas anchor, are available at: https://atlas.ripe.net/about/anchors/ Kind regards, Romeo Zwart RIPE NCC
Hello, we are trying to reuse the trimble GPS from our old TTM server in a Linux NTP machine, and it is not working. We can read some trash with a "cat /dev/ttyS0" (what means that the GPS is sending information), and we can use PPS driver (127.127.22.0) to read correctly the PPS signal. But the driver from RIPE (127.127.43.0) doesn't work. We compiled the ntpd (version 4.2.6p5) with the following options: ./configure --with-openssl-libdir=/usr/lib/x86_64-linux-gnu --with-openssl-incdir=/usr/include --enable-RIPENCC Our Linux is: # uname -a Linux monitor 3.11.0-20-generic #35~precise1-Ubuntu SMP Fri May 2 21:32:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.4 LTS Release: 12.04 Codename: precise Only after follow the recommendations at http://linuxpps.org/wiki/index.php/LinuxPPS_NTPD_support, the driver 127.127.43.0 is loaded by NTP, and appears in the list of peers, but no sync, just zeros. Does anyone in this list have any tips? Regards, Moreiras.
Hi, I believe the setup was only ever used on FreeBSD, so your luck may vary on Linux. Other than that my memory has faded too much to provide any specific hints. Gr, Mark On Tue, May 13, 2014 at 12:44 AM, Antonio M. Moreiras <moreiras@nic.br> wrote:
Hello, we are trying to reuse the trimble GPS from our old TTM server in a Linux NTP machine, and it is not working.
We can read some trash with a "cat /dev/ttyS0" (what means that the GPS is sending information), and we can use PPS driver (127.127.22.0) to read correctly the PPS signal. But the driver from RIPE (127.127.43.0) doesn't work.
We compiled the ntpd (version 4.2.6p5) with the following options:
./configure --with-openssl-libdir=/usr/lib/x86_64-linux-gnu --with-openssl-incdir=/usr/include --enable-RIPENCC
Our Linux is:
# uname -a Linux monitor 3.11.0-20-generic #35~precise1-Ubuntu SMP Fri May 2 21:32:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.4 LTS Release: 12.04 Codename: precise
Only after follow the recommendations at http://linuxpps.org/wiki/index.php/LinuxPPS_NTPD_support, the driver 127.127.43.0 is loaded by NTP, and appears in the list of peers, but no sync, just zeros.
Does anyone in this list have any tips?
Regards, Moreiras.
Hi, On 13 May 2014, at 8:13, Mark Santcroos <mark@santcroos.net> wrote:
Hi,
I believe the setup was only ever used on FreeBSD, so your luck may vary on Linux. Other than that my memory has faded too much to provide any specific hints.
Gr,
Mark
On Tue, May 13, 2014 at 12:44 AM, Antonio M. Moreiras <moreiras@nic.br> wrote:
Hello, we are trying to reuse the trimble GPS from our old TTM server in a Linux NTP machine, and it is not working.
We can read some trash with a "cat /dev/ttyS0" (what means that the GPS is sending information), and we can use PPS driver (127.127.22.0) to read correctly the PPS signal. But the driver from RIPE (127.127.43.0) doesn't work.
Do you still have the so called “clock card” in between? which is basically a rs422 to rs232 protocol converter + power supply. you might want to hook up the antenna to a windows pc so you can run the windows diagnostics tools from trimble to see if it is still working. you want to see that ntp status converges to 0x2107 after some time. Best Regards, Ruben
We compiled the ntpd (version 4.2.6p5) with the following options:
./configure --with-openssl-libdir=/usr/lib/x86_64-linux-gnu --with-openssl-incdir=/usr/include --enable-RIPENCC
Our Linux is:
# uname -a Linux monitor 3.11.0-20-generic #35~precise1-Ubuntu SMP Fri May 2 21:32:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.4 LTS Release: 12.04 Codename: precise
Only after follow the recommendations at http://linuxpps.org/wiki/index.php/LinuxPPS_NTPD_support, the driver 127.127.43.0 is loaded by NTP, and appears in the list of peers, but no sync, just zeros.
Does anyone in this list have any tips?
Regards, Moreiras.
Hi Antonio, On 14/05/13 00:44 , Antonio M. Moreiras wrote:
Hello, we are trying to reuse the trimble GPS from our old TTM server in a Linux NTP machine, and it is not working.
We have been doing some testing in the RIPE NCC with some linux flavours. A RIPE Labs article with details is in preparation and will be shared with this list soon. We will contact you off line to share our experience. Regards, Romeo
We can read some trash with a "cat /dev/ttyS0" (what means that the GPS is sending information), and we can use PPS driver (127.127.22.0) to read correctly the PPS signal. But the driver from RIPE (127.127.43.0) doesn't work.
We compiled the ntpd (version 4.2.6p5) with the following options:
./configure --with-openssl-libdir=/usr/lib/x86_64-linux-gnu --with-openssl-incdir=/usr/include --enable-RIPENCC
Our Linux is:
# uname -a Linux monitor 3.11.0-20-generic #35~precise1-Ubuntu SMP Fri May 2 21:32:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.4 LTS Release: 12.04 Codename: precise
Only after follow the recommendations at http://linuxpps.org/wiki/index.php/LinuxPPS_NTPD_support, the driver 127.127.43.0 is loaded by NTP, and appears in the list of peers, but no sync, just zeros.
Does anyone in this list have any tips?
Regards, Moreiras.
participants (4)
-
Antonio M. Moreiras -
Mark Santcroos -
Romeo Zwart -
Ruben van Staveren