Preventing Time Synchronization in NTP Broadcast Mode
Computers & Security (IF 5.6), Pub Date: 2021-03-01, DOI: 10.1016/j.cose.2020.102135
Nikhil Tripathi, Neminath Hubballi

Network Time Protocol (NTP) is used by millions of hosts on the Internet today to synchronize their clocks. Clock synchronization is necessary for many network applications to function correctly. An unsynchronized clock may lead to failure of various core Internet services, including DNS and RPKI-based interdomain routing, and open the path for more sophisticated attacks. In this paper, we describe a new attack which can prevent a client configured in NTP's broadcast mode from synchronizing its clock with the server. We test the attack in real networks and show that it is effective in both authenticated and unauthenticated broadcast/multicast modes of NTP. We also perform experiments to measure the overall attack surface by scanning the entire IPv4 address space and show that NTP broadcast mode is being used in the wild by several low-stratum (highly accurate) hosts. We also suggest a few countermeasures to mitigate the proposed attack.

Updated: 2021-03-01