Scenario:
1. Attacker somehow compromises the DNS lookup for the NTP server used by the victim (a web application).
2. Victim sends DNS request for e.g. ntp.pool.org, which is responded to by attacker to direct the victim to another computer under their control.
3. Attacker issues incorrect timing information via NTP.
4. Attacker performs attack on victim that depends on victim's knowledge of the current time being incorrect.
Is this possible? If so, what should be done to mitigate against it? Are there any other similar attacks?
An interesting thought that occurs to me: if the resulting time change is small, this may be hard to distinguish from a correct NTP response.
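
Added example, not part of the original question: a Python sketch of a client-side cross-check that computes the clock offset from several NTP replies and rejects any source that disagrees with the median. It shows that a one-hour lie is discarded while a 0.2 s lie passes, which is the point of the last observation above. The source names `src-a` to `src-d`, the 0.5 s tolerance, the quorum of 3 and the reply packets are all constructed assumptions.

```python
import struct
from statistics import median

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def to_ntp(unix_t):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    sec = int(unix_t)
    return struct.pack("!II", sec + NTP_UNIX_DELTA, int((unix_t - sec) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix seconds."""
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_UNIX_DELTA + frac / 2**32

def make_reply(t1, server_error):
    """Constructed 48-byte reply from a server whose clock is wrong by server_error s."""
    header = bytes([0x24, 1, 0, 0]) + bytes(20)  # LI=0 VN=4 mode=4 (server), stratum 1
    t2 = t3 = t1 + 0.010 + server_error  # 10 ms one-way delay, instant turnaround
    return header + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

def offset_from_reply(reply, t4):
    """Clock offset from the four NTP timestamps: ((T2 - T1) + (T3 - T4)) / 2."""
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2

def vet(offsets, tolerance=0.5, quorum=3):
    """Return (offset to apply, or None if too few sources agree; rejected names)."""
    mid = median(offsets.values())
    rejected = {n for n, o in offsets.items() if abs(o - mid) > tolerance}
    agreeing = [o for n, o in offsets.items() if n not in rejected]
    if len(agreeing) < quorum:
        return None, rejected  # refuse to touch the clock
    return median(agreeing), rejected

def demo(spoofed_error):
    """Three honest sources plus one whose clock is off by spoofed_error seconds."""
    t1 = 1_700_000_000.0  # constructed client send time (Unix seconds)
    errors = {"src-a": 0.002, "src-b": -0.003, "src-c": 0.001, "src-d": spoofed_error}
    offsets = {n: offset_from_reply(make_reply(t1, e), t1 + 0.020)
               for n, e in errors.items()}
    return vet(offsets)

if __name__ == "__main__":
    print(demo(3600.0))  # large lie
    print(demo(0.2))     # small lie
```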