Coping with Overload on the Network Time Protocol Public Servers
David Mills, Judah Levine, Richard Schmidt, David Plonka
The public time servers operated by USNO and NIST provide time synchronization, directly or indirectly, to millions of Internet computers today. The load in the form of processor cycles and network traffic has doubled in the last two years and could eventually overwhelm the servers and the network infrastructure unless something is done about it. While both USNO and NIST operate multiple servers across the US, the aggregate load is highly unbalanced and the flagship servers at headquarters are nearing capacity. This paper discusses the current conditions at USNO and NIST and suggests technical defenses designed to protect their resources. Surprisingly, a significant fraction of the total load is due to the occasional defective client design that spews an alarming number of packets without good reason. In one incident at the University of Wisonsin a defective NTP implementation in a router product resulted in a large scale denial of service attack on the university's network. At NIST and USNO most of the population are well behaved mice, but a significant proportion of the total traffic is due to a relatively few number of abusive elephants. The paper proposes that the best advice may be to find the elephants and shoot them.
denial of service attack, flooding attack, network time protocol
, Levine, J.
, Schmidt, R.
and Plonka, D.
Coping with Overload on the Network Time Protocol Public Servers, Proc. PTTI , [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50015
(Accessed December 3, 2023)