A few months ago I was lucky enough to do a lab assessment demoing a secure control system network. One component of the lab network got my attention a bit: an embedded Network Time server that gets its time from GPS.
Its sole function in life is to get time via a GPS signal and share it with the rest of the network via NTP. To do this, a typical Time Server device runs embedded Linux and includes FTP, Telnet, SSH, Web, and SNMP services, as well as the expected NTP and the sometimes unexpected daytime protocol. These servers also seem to love carrying additional open ports: echo and other services are sometimes left enabled.
While I didn’t find any hidden features in the product during our assessment, it got me thinking: what other NTP servers are out there that might have security issues? And how often do people pay attention to these ‘appliances’?
Time Servers are particularly interesting to me because of where they’re found: very large data centers may have them, but they seem to be most likely in either industrial or high-speed financial networks.
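One way to check a time appliance for the extra services listed above, as an added example that is not from the original post: it reads Nmap grepable (`-oG`) output and reports every open port other than NTP. The sample scan, the documentation addresses, the NTP-only baseline, and the per-service notes are constructed assumptions.

```python
import re

# Assumed baseline for a dedicated time appliance: NTP only.
ALLOWED = {(123, "udp")}

# Notes for the services the post names; anything else is reported generically.
NOTES = {
    (7, "tcp"): "echo: legacy small service",
    (13, "tcp"): "daytime: legacy time service",
    (21, "tcp"): "FTP: cleartext credentials",
    (22, "tcp"): "SSH: limit to management hosts",
    (23, "tcp"): "Telnet: cleartext management",
    (80, "tcp"): "HTTP: cleartext web management",
    (161, "udp"): "SNMP: check version and community strings",
}

# Constructed sample in Nmap grepable format (documentation addresses).
SAMPLE = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 7/open/tcp//echo///, 13/open/tcp//daytime///, "
    "21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 443/closed/tcp//https///, 123/open/udp//ntp///, "
    "161/open/udp//snmp///\n"
    "Host: 192.0.2.11 ()\tPorts: 123/open/udp//ntp///\n"
)

HOST_RE = re.compile(r"^Host: (\S+) .*?Ports: (.*)$")
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)//([^/]*)/")

def audit(grepable):
    """Map each scanned host to its open ports that fall outside ALLOWED."""
    report = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # status lines and comments carry no port list
        host, ports = m.groups()
        extra = report.setdefault(host, [])
        for port, proto, name in PORT_RE.findall(ports):
            key = (int(port), proto)
            if key not in ALLOWED:
                note = NOTES.get(key, f"{name or 'unknown'}: not in baseline")
                extra.append((key[0], proto, note))
        extra.sort()
    return report

if __name__ == "__main__":
    for host, extra in audit(SAMPLE).items():
        print(host, "OK" if not extra else "")
        for port, proto, note in extra:
            print(f"  {port}/{proto}  {note}")
```

Only ports Nmap reports as `open` are counted, so a UDP port shown as `open|filtered` needs a follow-up check before it is treated as closed.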