EditWYSIWYGAttachPrintable
r1 - 2013-08-23 - 06:39:12 - AllenZhongYou are here: NTP >  Dev Web > GoogleSummerOfCode > GSoC2013UnitTestingAllen > LeapSecondTest
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
This page is a simple description of testing the leap-second implementation in NTP, this is part of my GSoC project as suggested by Harlan and I got many help from Martin.

This page is not completed yet and may contains incorrect information, I'll update it in few more days and any comment about mistakes are welcomed.

Setting up a NIST Server

This part is pretty much a tutorial than a documentation, I'll list all the necessary steps of setting up a fake NIST server with fake time for the following tests, all the commands are based on Ubuntu 12.04 LTS system and may differ from other distributions and/or systems.

A NIST server can be simply simulated by setting up a NTP server and a anonymous FTP server on the same IP. I use a pre-build ntpd from Ubuntu's repo to simplify the commands, if a ntp-dev is needed, you have to compile it by own.

Firstly, we install the necessary packages. vsftpd is a FTP server that easy to configure.

sudo apt-get install ntp vsftpd

And we get files from a NIST ftp server. For example, if we decide to put root of FTP to /srv/ftp, we do:

cd /srv/ftp
wget -r ftp://nist1-ny2.ustiming.org/

Then we need to change settings of ntpd so that it can announce a fake time.

sudo vi /etc/ntp.conf

We just comment all the `server` lines out.

Now we set the system time to somewhere a little before a leap second took place, e.g, Jun 29, 2012, and then restart the ntpd daemon.

sudo date -s "2012-06-29 15:00"
sudo service ntp restart

Now we just got back to 9 hours earlier than a leap-second in the past.

-- AllenZhong - 2013-08-23

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r5 | r4 < r3 < r2 < r1 | More topic actions...
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback