NTF received a complaint about TOR servers in the NTP Pool

Hi Pool folks and @ask,

Steve over at Network Time Foundation. Got this message today and wondered if you could help me with a response that won’t leave a bad taste in his mouth as this is a complaint. I also must educate him that the NTP Pool is not PART of NTP.org.

We are finding that some IP addresses that used to be TOR activities are being reused in the NTP.org pool. This is really bad and we are moving all NTP away from NTP.org as a result. This seems to be a deliberate attempt by hackers to normalize TOR activity as all TOR servers are blocked in most enterprise firewalls. By reusing spent onion IP's in NTP.org they are essentially washing them off for later reuse.

This is not acceptable.

I guess that’s his business decision?

TOR is just a free / open source anonymization service. Anyone can connect and use it, anyone can offer to be an endpoint. Not everyone wants to be tracked by big brother. Its purpose is no different than all the paid VPN / proxy services that are also available.

The NTP Pool is a volunteer service that provides time FREE to anyone that wants to use it. If he doesn’t want to use it, then that’s his personal prerogative. Likewise any serious business would likely (should) have corporate requirements on their time traceability. Meaning they end up using NIST servers directly, and / or a local time server appliance with GPS.

If a hacker was really up to no good, they would use a stolen CC to pay for either several VPN services or cloud computing time (i.e. Google Cloud or AWS) and use that… Not TOR…

Also TOR doesn’t transport UDP packets, only TCP.

Thanks Jason. Got a similar response from another pool volunteer. Just want to make sure that we address this and do not simply dismiss this. It’s a learning opportunity for this person, and an opportunity to better define the NTF-NTP Pool relationship and proper pool use.

Does it make sense to state that the pool is for General Public consumption/end-users, not mission-critical stuff or for time-source that REQUIRES traceability either because of public policy or legislation requiring traceability?

IE, yer mom’s fridge/phone/Tesla Car can get time from the pool, but prolly not the BEST idea for your Bank?

Too much to say that?


I see no reason to unblock TOR IP addresses for NTP use in enterprise firewalls. If their servers use the pool directive, which is available in both ntpd and chronyd, NTP time sources which are blocked by a firewall will automatically be replaced by other non-filtered NTP sources after enough timeouts have happened.

Seems to me a complaint from someone at a management level who may not completely understand the technical issue at hand.

The tone of the complaint is like a threat, like they owe the ntp.org something? Are they paying for a vendor zone, or donating members to the NTF?


Hi, the text at the bottom of https://www.ntppool.org/en/use.html may help? There’s a link there to the ToS too.

Additional Notes

Consider if the NTP Pool is appropriate for your use. If business, organization or human life depends on having correct time or can be harmed by it being wrong, you shouldn’t “just get it off the internet”. The NTP Pool is generally very high quality, but it is a service run by volunteers in their spare time. Please talk to your equipment and service vendors about getting local and reliable service setup for you. See also our terms of service. We recommend time servers from Meinberg, but you can also find time servers from End Run, Spectracom and many others.

Yes, it seems like they’ve seen the keyword “Tor” and then proceeded to conflate all sorts of unrelated things ending up with throwing the baby out with the bathwater!

thanks @lammert & @elljay for your comments. The commercial org he is representing is NOT donating squat that I can tell. Hate it to be about money, but NONPROFITS NEED OPERATING CAPITAL FROM STAKEHOLDERS IN OSS and for NTP Pool.

IMO, a GREAT idea would be to turn this guy on to the NTP Pool Discourse to get answers from you all! OK for me to do that?

Actually, I might see if I can send him the link provided above for the “is the pool appropriate” and that way he is INFORMED.

I sent this using your inputs. PS, always asking for financial support on these cause we need it!

RE: NTP Pool

Hi George,

Steve Sullivan from Network Time Foundation replying to your message RE: the NTP Pool.

I first want to clarify some of the confusion over relationships of the organizations you mention, as it is useful to understand the lay of the land. NTP.org is actually the original David Mills/UDEL website that the NTP Pool Project ran under when Dave Mills, NTP Inventor, was still very active in the project. He is now pretty much retired, and the ntp.org site will eventually be melded into https://support.ntp.org, the NTP Project support wiki hosted by our 501c3 nonprofit organization, Network Time Foundation. Obviously, you found NTF at https://www.nwtime.org/. We are more focused on fundraising for NTP, LinuxPTP, General Timestamp API, and other time/sync Open Source Software projects. We also provide infrastructure to the OSS projects, but NOT to the NTP Pool Project.

The NTP Pool Project is an independently operated project with its own all-volunteer server operators. We do help each other out for the betterment of the NTP community, but the relationship is more of a collaboration. However, NTF owns the domain the NTP Pool uses, so whois may have sent you in our direction.

After speaking with a few of the NTP Pool Project volunteers RE your message, it was pointed out that https://www.ntppool.org/en/use.html could be very helpful for deciding on when the pool is appropriate for use. I was also referred to https://www.ntppool.org/tos.html for the TOS of the NTP Pool. Typically, if this is mission critical, lives depend on it, or legislation drives requirements for traceability, a vendor would want to work with NIST or another top tier time provider to get authenticated time sources. An organization could also turn up its own refclock or use a GPS receiver for same.

TOR is a free, open source anonymization service. Anyone can connect and use it, anyone can offer to be an endpoint. Not everyone wants to be tracked by big brother, and its purpose is no different than all the paid VPN / proxy services that are also available. The NTP Pool is a volunteer service that provides time FREE to any individual that wants to use it. The Pool also operates on the premise that MORE NTP in more geographic locations will improve time for all time consumers. Vendors however should NOT use the generic Zones, and should apply to have their own Vendor Zone to help absorb the potential load a manufacturer throws at the pool, both of which are explained here on the NTP Pool Project website: https://www.ntppool.org/en/vendors.html. We deal with this being missed quite often, and it really hurts the pool when a vendor sends millions of units hard-coded to use the standard pool.ntp.org names as a default configuration. It's all about load balancing and BW for the pool, both of which cost real $$$$.

I hope that is somewhat helpful to you. Also, have you registered on Network Time Foundation’s support wiki at https://support.ntp.org and on any of the NTP Mailing lists on https://lists.ntp.org/listinfo? Additionally, you may wish to connect with the NTP Pool directly via the links posted on https://www.ntppool.org/en/mailinglists.html.

Also, if your employer is seeking sponsorship opportunities for the NTP Project, LinuxPTP, Network Time Security, and the NTP Pool project, please have them contact me. Since we are a fundraising organization, we are able to take donations and NTF Membership dues and distribute the funding accordingly to the projects we support.

Please feel free to reach out to me with any other questions.

Kind regards,

Steve Sullivan
Network Time Foundation, Inc.

Good reply Steve. I think you covered all bases…

FYI, on my server I do block TOR IPs. They were used a lot by spambot registration attempts, which would get auto-blocked anyhow, so I finally had enough and used some blocklists for TOR endpoints.

But I also use a LOT of other blocklists from other sources too to curb spam, malware, abuse, etc. from undesirable sources. But I’m just one guy with a website, not a corporate enterprise so whatever decision I make only affects me.

Everyone can run a TOR node and everyone can run an NTP server (and add it to the pool) on the same IP before, later and at the same time. The IP addressing world is not permanent. One day one customer uses TOR, today another customer runs NTP. There is no connection between these events.

That’s such an absurd complaint, it does not deserve a reply.

Not everyone understands the detail of how things work, so probably best to reply and explain so it doesn’t escalate.

@elljay - see my reply above. I also pointed him to this forum.

Questions like this open up conversations that can lead to DONATIONS and to better informed people. I cannot tell you how many people are unaware of the Vendor Zones and then beat up the pool. Better to help them IMO.