Article development led by
Crackers discover how to use NTP
as a weapon for abuse.
BY HARLAN STENN
IN THE LATE 1970s David L. Mills began working on
the problem of synchronizing time on networked
computers, and Network Time Protocol (NTP) version
1 made its debut in 1980. This was when the Net was
a much friendlier place—the ARPANET days. NTP
version 2 appeared approximately one year later, about
the same time as Computer Science Network (CSNET).
National Science Foundation Network (NSFNET)
launched in 1986. NTP version 3 showed up in 1993.
Depending on where you draw the line, the Internet
became useful in 1991–1992 and fully arrived in 1995.
NTP version 4 appeared in 1997. Now, 18 years later,
the Internet Engineering Task Force (IETF) is almost
done finalizing the NTP version 4 standard, and some
of us are starting to think about NTP version 5.
All of this is being done by volunteers—with no
budget, just by the good graces of companies and
individuals who care. This is not a sustainable
situation. Network Time Foundation (NTF) is the
vehicle that can address this problem,
with the support of other organizations
and individuals. For example, the Linux
Foundation’s Core Infrastructure Ini-
tiative recently started partially fund-
ing two NTP developers: Poul-Henning
Kamp for 60% of his available time to
work on NTP, and me for 30%–50% of
my NTP development work. (Please vis-
it http://nwtime.org/ to see who is sup-
porting Network Time Foundation.)
On the public Internet, NTP tends to
be visible from three types of machines.
One is in embedded systems. When
shipped misconfigured by the vendor,
these systems have been the direct
cause of abuse ( http://en.wikipedia.org/
These systems do not generally support
external monitoring, so they are not gen-
erally abusable in the context of this ar-
ticle. The second set of machines would