undefined | Better HN

story

0 pointsmlichvar6y ago0 comments

PTP over Internet doesn't make much sense. PTP requires hardware support in all network devices on the path between the (grand)master and slave. Without this support it will generally perform worse than NTP. Of course, it depends also on the implementation.

PTP does support unicast messaging, but it is not meant to be used as a public service. There are two major problems: It's not stateless and it has a huge traffic amplification, which could be easily exploited for DoS attacks.

0 comments

SEJeff6y ago

Yeah this is the most sensible reason against it. NTP is also responsible for some of the biggest traffic amplification DDoS events.

mlichvarOP6y ago

Yes, but NTP as a time service (client/server mode) is safe. A request has a single response and their lengths are symmetric (that's actually a requirement for accurate synchronization). The problem with amplification is in the optional monitoring/control modes of the protocol (modes 6 and 7 as used by the ntpq and ntpdc utilities respectively), which should be disabled on public servers. Unfortunately, there are still some old misconfigured servers causing problems for a lot of people.

In PTP the problem is in the synchronization protocol itself. A master in the unicast mode is basically a programmable packet generator. It sends sync/announce messages at a rate and duration specified by its slaves, and the address can be spoofed.

j / k navigate · click thread line to collapse

0 comments

SEJeff6y ago

Yeah this is the most sensible reason against it. NTP is also responsible for some of the biggest traffic amplification DDoS events.

mlichvarOP6y ago

j / k navigate · click thread line to collapse