NTP BUG 2781: Authentication doesn't protect symmetric associations against DoS attacks
Last update: February 15, 2022 20:59 UTC (43fbd379b)
||07 Apr 2015
||All NTP releases starting with at least xntp3.3wy up to but not including ntp-4.2.8p2
where the installation uses symmetric key authentication.
|Resolved in 4.2.8p2.
||could be 4.3 or lower, and it could be higher than 5.4
An attacker knowing that NTP hosts A and B are peering with each other (symmetric association) can send a packet to host A with source address of B which will set the NTP state variables on A to the values sent by the attacker. Host A will then send on its next poll to B a packet with originate timestamp that doesn’t match the transmit timestamp of B and the packet will be dropped. If the attacker does this periodically for both hosts, they won’t be able to synchronize to each other. This is a known denial-of-service attack, described in Analysis and Simulation of the NTP On-Wire Protocols.
According to the document the NTP authentication is supposed to protect symmetric associations against this attack, but that doesn’t seem to be the case. The state variables are updated even when authentication fails and the peers are sending packets with originate timestamps that don’t match the transmit timestamps on the receiving side.
This seems to be a very old problem, dating back to at least xntp3.3wy. It’s also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905)) specifications, so other NTP implementations with support for symmetric associations and authentication may be vulnerable too. An update to the NTP RFC to correct this error is in-process.
- Upgrade to 4.2.8p2 or later.
- Note that for users of autokey, this specific style of MITM attack is simply a long-known potential problem.
ntpd with appropriate time sources and monitor
ntpd. Alert your staff if problems are detected.
This issue was discovered by Miroslav Lichvar, of Red Hat.