Misplaced Pages

#83916

54-471: Under SAP, senders periodically transmit SDP descriptions to a well-known multicast address and port number (9875). A listening application constructs a guide of all advertised multicast sessions. SAP was published by the IETF as RFC 2974. The announcement interval is cooperatively modulated such that all SAP announcements in the multicast delivery scope, by default, consume 4000 bits per second. Regardless,

108-454: A configuration file , an attached reference clock, or a remote server. Although the NTP clock is actually halted during the event, because of the requirement that time must appear to be strictly increasing , any processes that query the system time cause it to increase by a tiny amount, preserving the order of events. If a negative leap second should ever become necessary, it would be deleted with

162-476: A symmetric key mode, which is not useful against MITM. The public key system known as "autokey" in NTPv4 adapted from IPSec offers useful authentication, but is not practical for a busy server. Autokey was also later found to suffer from several design flaws, with no correction published, save for a change in the message authentication code . Autokey should no longer be used. Network Time Security (NTS)

216-604: A unicast address, the prefix of an IPv6 multicast address specifies its scope, however, the set of possible scopes for a multicast address is different. The 4-bit scope field (bits 12 to 15) is used to indicate where the address is valid and unique. The service is identified in the group ID field. For example, if ff02::101 refers to all Network Time Protocol (NTP) servers on the local network segment, then ff08::101 refers to all NTP servers in an organization's networks. The group ID field may be further divided for special multicast address types. The following table

270-434: A few incidents. It is able to achieve improved precision on LAN connections, using hardware timestamping on the network adapter. Support for Network Time Security (NTS) was added on version 4.0. chrony is available under GNU General Public License version 2 , was created by Richard Curnow in 1997 and is currently maintained by Miroslav Lichvar . On the day of a leap second event, ntpd receives notification from either

324-459: A focus on security and encompassing a privilege separated design. Whilst it is aimed more closely at the simpler generic needs of OpenBSD users, it also includes some protocol security improvements while still being compatible with existing NTP servers. The simpler code base sacrifices accuracy, deemed unnecessary in this use case. A portable version is available in Linux package repositories. NTPsec

378-443: A hierarchical, semi-layered system of time sources. Each level of this hierarchy is termed a stratum and is assigned a number starting with zero for the reference clock at the top. A server synchronized to a stratum n server runs at stratum n + 1. The number represents the distance from the reference clock and is used to prevent cyclical dependencies in the hierarchy. Stratum is not always an indication of quality or reliability; it

432-563: A hierarchy of servers similar to the NTP stratum model. In 1985, NTP version 0 (NTPv0) was implemented in both Fuzzball and Unix, and the NTP packet header and round-trip delay and offset calculations, which have persisted into NTPv4, were documented in RFC   958 . Despite the relatively slow computers and networks available at the time, accuracy of better than 100 milliseconds was usually obtained on Atlantic spanning links, with accuracy of tens of milliseconds on Ethernet networks. In 1988,

486-451: A man-in-the-middle attack can be used to alter clocks on client computers and allow a number of attacks based on bypassing of cryptographic key expiration. Some of the services affected by fake NTP messages identified are TLS , DNSSEC , various caching schemes (such as DNS cache), Border Gateway Protocol (BGP), Bitcoin and a number of persistent login schemes. NTP has been used in distributed denial of service attacks . A small query

540-482: A much more complete specification of the NTPv1 protocol, with associated algorithms, was published in RFC   1059 . It drew on the experimental results and clock filter algorithm documented in RFC   956 and was the first version to describe the client–server and peer-to-peer modes. In 1991, the NTPv1 architecture, protocol and algorithms were brought to the attention of a wider engineering community with

594-525: A simpler codebase allowing for better security and lower resource consumption. It does not however compromise on accuracy, instead syncing faster and better than the reference ntpd in many circumstances. It is versatile enough for ordinary computers, which are unstable, go into sleep mode or have intermittent connection to the Internet. It is also designed for virtual machines, a more unstable environment. Chrony has been evaluated as "trustworthy", with only

SECTION 10

#1732781013084

648-468: A value of 1 in the least-significant bit of the first octet of the destination MAC address are treated as multicast frames and are flooded to all points on the network. While frames with ones in all bits of the destination address ( FF-FF-FF-FF-FF-FF ) are sometimes referred to as broadcasts , Ethernet generally does not distinguish between multicast and broadcast frames. Modern Ethernet controllers filter received packets to reduce CPU load, by looking up

702-423: A warning of any impending leap second adjustment, but no information about local time zones or daylight saving time is transmitted. The current protocol is version 4 (NTPv4), which is backward compatible with version 3. In 1979, network time synchronization technology was used in what was possibly the first public demonstration of Internet services running over a trans-Atlantic satellite network, at

756-513: Is a fork of the reference implementation that has been systematically security-hardened . The fork point was in June 2015 and was in response to a series of compromises in 2014. The first production release shipped in October 2017. Between removal of unsafe features, removal of support for obsolete hardware, and removal of support for obsolete Unix variants, NTPsec has been able to pare away 75% of

810-444: Is a list notable IPv6 multicast addresses that are registered with IANA. To be included in some of the below multicast groups a client must send a Multicast Listener Discovery (MLD), a component of ICMPv6 suite, to join that group. For example, to listen to ff02::1:ff28:9c5a , a client must send a MLD report to the router, containing the multicast address, to indicate that it wants to listen to that group. Ethernet frames with

864-561: Is a list of notable well-known IPv4 addresses that are reserved for IP multicasting and that are registered with the Internet Assigned Numbers Authority (IANA). Multicast addresses in IPv6 use the prefix ff00:: / 8 . For all multicast addresses, the prefix field holds the binary value 11111111. Currently, three of the four flag bits in the flg field are defined; the most-significant flag bit

918-508: Is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service . Multicast addressing can be used in the link layer (layer 2 in the OSI model ), such as Ethernet multicast, and at the internet layer (layer 3 for OSI) for Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) multicast. IPv4 multicast addresses are defined by

972-509: Is a secure version of NTPv4 with TLS and AEAD . The main improvement over previous attempts is that a separate "key establishment" server handles the heavy asymmetric cryptography, which needs to be done only once. If the server goes down, previous users would still be able to fetch time without fear of MITM. NTS is currently supported by several time servers, including Cloudflare . It is supported by NTPSec and chrony. Microsoft also has an approach to authenticate NTPv3/SNTPv4 packets using

1026-418: Is common to find stratum 3 time sources that are higher quality than other stratum 2 time sources. A brief description of strata 0, 1, 2 and 3 is provided below. The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. The NTP algorithms on each computer interact to construct a Bellman–Ford shortest-path spanning tree , to minimize the accumulated round-trip delay to

1080-481: Is created by copying the last 24 bits of a unicast or anycast address to the last 24 bits of the multicast address. Link-scoped multicast addresses use a comparable format. Based on the value of the flag bits, IPv6 multicast addresses can be Unicast-Prefix-based Multicast Addresses , Source-Specific Multicast Addresses , or Embedded RP IPv6 Multicast Addresses . Each of these types of multicast addresses have their own format and follow specific rules. Similar to

1134-399: Is derived from the best three remaining candidates. The clock frequency is then adjusted to reduce the offset gradually ("discipline"), creating a feedback loop . Accurate synchronization is achieved when both the incoming and outgoing routes between the client and the server have symmetrical nominal delay. If the routes do not have a common nominal delay, a systematic bias exists of half

SECTION 20

#1732781013084

1188-607: Is intended to synchronize participating computers to within a few milliseconds of Coordinated Universal Time (UTC). It uses the intersection algorithm , a modified version of Marzullo's algorithm , to select accurate time servers and is designed to mitigate the effects of variable network latency . NTP can usually maintain time to within tens of milliseconds over the public Internet , and can achieve better than one millisecond accuracy in local area networks under ideal conditions. Asymmetric routes and network congestion can cause errors of 100 ms or more. The protocol

1242-566: Is not to be mixed with a public NTP pool as leap smear is non-standard and will throw off client calculation in a mix. Because adjusting system time is generally a privileged operation, part or all of NTP code has to be run with some privileges in order to support its core functionality. Only a few other security problems have been identified in the reference implementation of the NTP codebase, but those that appeared in 2009 were cause for significant concern. The protocol has been undergoing revision and review throughout its history. The codebase for

1296-550: Is optional. Two authentication schemes are supported: The message body may optionally be compressed using the zlib format as defined in RFC 1950. VLC media player monitors SAP announcements and presents the user a list of available streams. SAP is one of the optional discovery and connection management techniques described in the AES67 audio-over-Ethernet interoperability standard. Multicast address A multicast address

1350-429: Is reserved for future use. The four-bit scope field ( sc ) is used to indicate where the address is valid and unique. In addition, the scope field is used to identify special multicast addresses, like solicited node . The sc(ope) field holds the binary value 0010 (link-local). Solicited-node multicast addresses are computed as a function of a node's unicast or anycast addresses. A solicited-node multicast address

1404-533: Is sent to an NTP server with the return IP address spoofed to be the target address. Similar to the DNS amplification attack , the server responds with a much larger reply that allows an attacker to substantially increase the amount of data being sent to the target. To avoid participating in an attack, NTP server software can be upgraded or servers can be configured to ignore external queries. NTP itself includes support for authenticating servers to clients. NTPv3 supports

1458-533: Is usually described in terms of a client–server model , but can as easily be used in peer-to-peer relationships where both peers consider the other to be a potential time source. Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123. They can also use broadcasting or multicasting , where clients passively listen to time updates after an initial round-trip calibrating exchange. NTP supplies

1512-704: The Daytime and Time protocols for recording the time of events, as well as the ICMP Timestamp messages and IP Timestamp option ( RFC   781 ). More complete synchronization systems, although lacking NTP's data analysis and clock disciplining algorithms, include the Unix daemon timed , which uses an election algorithm to appoint a server for all the clients; and the Digital Time Synchronization Service (DTSS), which uses

1566-770: The National Computer Conference in New York. The technology was later described in the 1981 Internet Engineering Note (IEN) 173 and a public protocol was developed from it that was documented in RFC   778 . The technology was first deployed in a local area network as part of the Hello routing protocol and implemented in the Fuzzball router , an experimental operating system used in network prototyping, where it ran for many years. Other related network tools were available both then and now. They include

1620-427: The most-significant bit pattern of 1110 . This originates from the classful network design of the early Internet when this group of addresses was designated as Class D . The CIDR notation for this group is 224.0.0.0 / 4 . The group includes the addresses from 224.0.0.0 to 239.255.255.255 . The address range is divided into blocks each assigned a specific purpose or behavior. The following table

1674-527: The IANA side, a ntp (network time protocols ) work group is in charge of reviewing proposed drafts. The protocol has significantly progressed since NTPv4. As of 2022 , three RFC documents describing updates to the protocol have been published, not counting the numerous peripheral standards such as NTS ( RFC   8915 ). Mills had mentioned plans for a "NTPv5" on his page, but one was never published. An unrelated draft termed "NTPv5" by M. Lichvar of chrony

Session Announcement Protocol - Misplaced Pages Continue

1728-509: The Linux Foundation's Core Infrastructure Initiative, suggested that both NTP and NTPsec were more problematic than Chrony from a security standpoint. NTP servers can be susceptible to man-in-the-middle attacks unless packets are cryptographically signed for authentication. The computational overhead involved can make this impractical on busy servers, particularly during denial of service attacks. NTP message spoofing from

1782-598: The NTP provider for W32Time became compatible with a significant subset of NTPv3. Microsoft states that W32Time cannot reliably maintain time synchronization with one second accuracy. If higher accuracy is desired, Microsoft recommends using a newer version of Windows or different NTP implementation. Beginning with Windows 10 version 1607 and Windows Server 2016 , W32Time can be configured to reach time accuracy of 1 s, 50 ms or 1 ms under certain specified operating conditions. In 2004, Henning Brauer of OpenBSD presented OpenNTPD , an NTPv3/SNTPv4 implementation with

1836-448: The clock, that can misbehave when synchronized to servers that use different algorithms. The software has been ported to almost every computing platform, including personal computers. It runs as a daemon called ntpd under Unix or as a service under Windows. Reference clocks are supported and their offsets are filtered and analysed in the same way as remote servers, although they are usually polled more frequently. This implementation

1890-462: The difference between the forward and backward travel times. A number of approaches have been proposed to measure asymmetry, but among practical implementations only chrony seems to have one included. The NTP reference implementation , along with the protocol, has been continuously developed for over 20 years. Backwards compatibility has been maintained as new features have been added. It contains several sensitive algorithms, especially to discipline

1944-460: The first rollover occurs on February 7, 2036. NTPv4 introduces a 128-bit date format: 64 bits for the second and 64 bits for the fractional-second. The most-significant 32 bits of this format is the Era Number which resolves rollover ambiguity in most cases. According to Mills, "The 64-bit value for the fraction is enough to resolve the amount of time it takes a photon to pass an electron at

1998-818: The hash of a multicast destination address in a table, initialized by software, which controls whether a multicast packet is dropped or fully received. The IEEE has allocated the address block 01-80-C2-00-00-00 to 01-80-C2-FF-FF-FF for group addresses for use by standard protocols. Of these, the MAC group addresses in the range of 01-80-C2-00-00-00 to 01-80-C2-00-00-0F are not forwarded by 802.1D -conformant MAC bridges . 01-80-C2 IEEE (802 group) 01-80-C2-00-00-00 01-80-C2-00-00-03 Multiple VLAN Registration Protocol (MVRP) 01-1B-19 IEEE (TC9) 01-00-5E ICANN / IANA 33-33-xx locally administered 01-0C-CD IEC 01-00-0C Cisco Systems 802.11 wireless networks use

2052-450: The maximum announce interval is 300 seconds (5 minutes). Announcements automatically expire after 10 times the announcement interval or one hour, whichever is greater. Announcements may also be explicitly withdrawn by the original issuer. SAP features separate methods for authenticating and encrypting announcements. Use of encryption is not recommended. Authentication prevents unauthorized modification and other DoS attacks. Authentication

2106-477: The original codebase, making the remainder easier to audit . A 2017 audit of the code showed eight security issues, including two that were not present in the original reference implementation, but NTPsec did not suffer from eight other issues that remained in the reference implementation. chrony is an independent NTP implementation mainly sponsored by Red Hat , who uses it as the default time program in their distributions. Being written from scratch, chrony has

2160-505: The packet to indicate error, such as XFAC to indicate a network disconnection. The IANA maintains a registry for refid source names and KoD codes. Informal assignments can still appear. The 64-bit binary fixed-point timestamps used by NTP consist of a 32-bit part for seconds and a 32-bit part for fractional second, giving a time scale that rolls over every 2 seconds (136 years) and a theoretical resolution of 2 seconds (233 picoseconds). NTP uses an epoch of January 1, 1900. Therefore,

2214-482: The publication of an article by David L. Mills in the IEEE Transactions on Communications . In 1989, RFC   1119 was published defining NTPv2 by means of a state machine , with pseudocode to describe its operation. It introduced a management protocol and cryptographic authentication scheme which have both survived into NTPv4, along with the bulk of the algorithm. However the design of NTPv2

Session Announcement Protocol - Misplaced Pages Continue

2268-659: The reference implementation has undergone security audits from several sources for several years. A stack buffer overflow exploit was discovered and patched in 2014. Apple was concerned enough about this vulnerability that it used its auto-update capability for the first time. On systems using the reference implementation, which is running with root user's credential, this could allow unlimited access. Some other implementations, such as OpenNTPD , have smaller code base and adopted other mitigation measures like privilege separation, are not subject to this flaw. A 2017 security audit of three NTP implementations, conducted on behalf of

2322-411: The response packet, t 3 + θ − δ / 2 = t 2 {\displaystyle t_{3}+\theta -\delta /2=t_{2}} Solving for θ yields the definition of the time offset. The values for θ and δ are passed through filters and subjected to statistical analysis ("mitigation"). Outliers are discarded and an estimate of time offset

2376-512: The round-trip delay δ by δ = ( t 3 − t 0 ) − ( t 2 − t 1 ) , {\displaystyle \delta ={(t_{3}-t_{0})-(t_{2}-t_{1})},} where To derive the expression for the offset, note that for the request packet, t 0 + θ + δ / 2 = t 1 {\displaystyle t_{0}+\theta +\delta /2=t_{1}} and for

2430-482: The same MAC addresses for multicast as Ethernet. Network Time Protocol The Network Time Protocol ( NTP ) is a networking protocol for clock synchronization between computer systems over packet-switched , variable- latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. NTP was designed by David L. Mills of the University of Delaware . NTP

2484-515: The same as with the Time Protocol, as only one server is used. In 1996, SNTP was updated to SNTPv4 with some features of the then-in-development NTPv4. The current version of SNTPv4 was merged into the main NTPv4 standard in 2010. SNTP is fully interoperable with NTP since it does not define a new protocol. However, the simple algorithms provide times of reduced accuracy and thus it is inadvisable to sync time from an SNTP source. NTP uses

2538-480: The sequence 23:59:58, 00:00:00, skipping 23:59:59. An alternative implementation, called leap smearing, consists in introducing the leap second incrementally during a period of 24 hours, from noon to noon in UTC time. This implementation is used by Google (both internally and on their public NTP servers), Amazon AWS, and Facebook. Chrony supports leap smear in smoothtime and leapsecmode configurations, but such use

2592-427: The source address. Refids serve to detect and prevent timing loops to the first degree. The refid field is filled with status words in the case of kiss-o'-death (KoD) packets, which tell the client to stop sending requests so that the server can rest. Some examples are INIT (initialization), STEP (step time change), and RATE (client requesting too fast). The program output may additionally use codes not transmitted in

2646-656: The speed of light. The 64-bit second value is enough to provide unambiguous time representation until the universe goes dim." A typical NTP client regularly polls one or more NTP servers. The client must compute its time offset and round-trip delay . Time offset θ is positive or negative (client time > server time) difference in absolute time between the two clocks. It is defined by θ = ( t 1 − t 0 ) + ( t 2 − t 3 ) 2 , {\displaystyle \theta ={\frac {(t_{1}-t_{0})+(t_{2}-t_{3})}{2}},} and

2700-452: The stratum 1 servers for all the clients. In addition to stratum, the protocol is able to identify the synchronization source for each server in terms of a reference identifier (refid). For servers on stratum 2 and below, the refid is an encoded form of the upstream time server's IP address. For IPv4, this is simply the 32-bit address; for IPv6, it would be the first 32 bits of the MD5 hash of

2754-848: Was audited in 2017, finding 14 potential security issues. All Microsoft Windows versions since Windows 2000 include the Windows Time service (W32Time), which has the ability to synchronize the computer clock to an NTP server. W32Time was originally implemented for the purpose of the Kerberos version 5 authentication protocol, which required time to be within 5 minutes of the correct value to prevent replay attacks . The network time server in Windows 2000 Server (and Windows XP) does not implement NTP disciplined synchronization, only locally disciplined synchronization with NTP/SNTP correction. Beginning with Windows Server 2003 and Windows Vista ,

SECTION 50

#1732781013084

2808-518: Was criticized for lacking formal correctness by the DTSS community, and the clock selection procedure was modified to incorporate Marzullo's algorithm for NTPv3 onwards. In 1992, RFC   1305 defined NTPv3. The RFC included an analysis of all sources of error, from the reference clock down to the final client, which enabled the calculation of a metric that helps choose the best server where several candidates appear to disagree. Broadcast mode

2862-430: Was initiated in 2020 and includes security, accuracy, and scaling changes. As NTP replaced the use of the old Time Protocol , some use cases nevertheless found the full protocol too complicated. In 1992, Simple Network Time Protocol ( SNTP ) was defined to fill this niche. The SNTPv3 standard describes a way to use NTPv3, such that no storage of state over an extended period is needed. The topology becomes essentially

2916-433: Was introduced. In subsequent years, as new features were added and algorithm improvements were made, it became apparent that a new protocol version was required. In 2010, RFC   5905 was published containing a proposed specification for NTPv4. Following the retirement of Mills from the University of Delaware , the reference implementation is currently maintained as an open source project led by Harlan Stenn. On

#83916