Monitoring upgrade

What are the concerns they raise about the new monitoring system? Everything described is about the old system. In some regards the systems are the same, but mostly the new system should be more resilient.

So Kwon23 claims that "the new monitoring system (currently being tested with 13 monitoring servers) is vulnerable to attack". However, when push comes to shove, section 7.3 shows that if an attacker controls multiple monitoring servers (apparently some are run by volunteers?, says the paper), it can evict some legitimate NTP servers from the pool by tampering with the scores. (Seems plausible but a bit far-fetched IMO.)

Section 8 covers mitigations – pretty much adding stratum 1 servers to sync clocks of monitoring servers and evaluating the RTTs. Section 8.2 proposes a new scoring algorithm, which I think you folks did, by having medians which are good in excluding outliers. Another thing is 8.3 where they suggest that ‘Adding unpredictability in monitoring’ would help.

In short: your new system with median scores seems to deal better with those scores.
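As an added illustration of the point about medians excluding outliers, the small simulation below compares a mean-based and a median-based aggregate of monitor scores when a minority of monitors report tampered values. This is constructed example code, not the pool's own scoring code: the score scale, the eviction threshold, the tampered value and the sample scores are all assumptions.

```python
from statistics import mean, median

# Constructed sample: the scores ten independent monitors report for one
# pool server. The real pool score scale and cut-offs are not on the page;
# these values and the threshold below are assumptions for illustration.
HONEST_SCORES = [20.0, 19.5, 20.0, 18.8, 19.9, 20.0, 19.7, 19.6, 20.0, 19.4]
EVICTION_THRESHOLD = 10.0   # hypothetical: below this the server leaves rotation
TAMPERED_SCORE = -100.0     # hypothetical value a misbehaving monitor reports


def with_tampered_monitors(scores, n_bad, bad_value=TAMPERED_SCORE):
    """Copy of `scores` in which the first n_bad monitors report bad_value."""
    return [bad_value] * n_bad + list(scores[n_bad:])


def mean_score(scores):
    """Aggregate monitor scores by arithmetic mean (outlier-sensitive)."""
    return mean(scores)


def median_score(scores):
    """Aggregate monitor scores by median (outlier-resistant)."""
    return median(scores)


def is_evicted(aggregate, threshold=EVICTION_THRESHOLD):
    """A server is dropped when its aggregate score falls below the threshold."""
    return aggregate < threshold


def breakdown_point(scores, aggregate, threshold=EVICTION_THRESHOLD):
    """Smallest number of tampered monitors that drives `aggregate` below
    `threshold` (None if even tampering with every monitor does not)."""
    for n_bad in range(len(scores) + 1):
        if is_evicted(aggregate(with_tampered_monitors(scores, n_bad)), threshold):
            return n_bad
    return None


def flag_outlier_monitors(scores, tolerance=2.0):
    """Indices of monitors whose score is more than `tolerance` away from the
    median: a simple detection check that a median aggregate makes possible,
    since the median stays anchored to the honest majority."""
    centre = median(scores)
    return [i for i, s in enumerate(scores) if abs(s - centre) > tolerance]


if __name__ == "__main__":
    for name, agg in (("mean", mean_score), ("median", median_score)):
        print(f"{name}: {breakdown_point(HONEST_SCORES, agg)} tampered monitor(s) "
              f"out of {len(HONEST_SCORES)} suffice to evict the server")
    print("outliers with one tampered monitor:",
          flag_outlier_monitors(with_tampered_monitors(HONEST_SCORES, 1)))
```

With these sample values a single tampered monitor is enough to push the mean below the threshold, while the median only gives way once half of the monitors (five of ten) are tampered with; in other words the median's breakdown point is about half the monitor set rather than one monitor. The outlier flag shows the defensive side of the same property: because the median tracks the honest majority, a monitor that disagrees strongly with it stands out for investigation.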

The monitoring server IPs in the new system aren’t explicitly published, but a motivated attacker could easily figure out what they are.

Indeed, one of the two papers stated that the first NTP packets you receive if you add a new server to the pool are from the monitoring servers.

I didn’t read these specific two papers in detail yet, but there have been many over the years. I’m happy to take suggestions for improvements (or after a discussion pull requests on GitHub), but most of the past research along these lines seems like an academic write-up of the XKCD (except I am in California and there are a handful of you helping out week to week and a few thousand people running servers).

Thanks for the openness, and I understand your position: you folks have been doing a great and free service to the Internet community for over twenty years, get virtually zero credit, and, just like a goalkeeper in soccer, are mostly remembered when things allegedly don’t go well – sometimes by academics that have incentives to find issues instead of fixing them.

That’s how internet infrastructure generally works, isn’t it? I’d love to learn from other low-budget, volunteer-run global internet infrastructure how they do things differently.

The NTP pool deserves far more credit than what it gets. As a user (and working for an operator who contributes to the pool), thank you folks for your time and service.

I didn’t know how crucial you folks were. The NTP pool is the Wikipedia-like timekeeper of the Internet. Like, one of our NTP servers received 7.2 billion queries from 158M clients and 52k ASes in 24 hours – one single server listed in the pool. And there are 4k+ servers. Thanks for doing this in your free time.

One of the concerns brought up in one of the recent papers (I think one of the ones you linked, @giovane) is around a few NTP servers getting disproportionately many of the requests in some countries. Improving on that is one of the next projects on my list now that the new monitoring system is in place.

That was on another (unpublished) paper, and that would definitely help.

thanks


That’s great, thanks!
I can confirm that it’s fixed.

Regards,
Chris R.

Thanks for the pointer to the day in the life paper. I notice checking the current monitoring for any.time.nl that I see the unusual statement that it’s not active in the pool, only in monitoring. My curiosity begs me to wonder why out loud…

The usual reason for this is to stop people from adding well-known public servers to the pool which shouldn’t be added, e.g. ntp.ubuntu.com, time.windows.com, etc. Because there’s no way to validate ownership of an NTP server at a given IP address (maybe NTS could fix this?) it’s technically possible for people to add those sites to their own pool accounts.

Speaking of which, I find myself wondering if Fatih Unlu is an alias for one of the pool admins, or just an enterprising nominator of public NTP servers to the pool:

https://www.ntppool.org/a/wolerine

It’s active in the pool, but at the moment only with its IPv6 address.

https://www.ntppool.org/a/TimeNL

Hey,

thanks for sharing this information.

I see a lot of company NTP servers there (HE, Superonline, Apple, etc.).

I have changed all servers in this account to “Monitoring Only” and have taken further measures.

@ask is working on something not to add such public systems, but I don’t know how far he is with it.


I’m happy to help. I’m hopeful of helping bring up some more monitoring sites at a later date in Chicago and Fremont DCs.
