Paper 2015/1020

Attacking the Network Time Protocol

Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg


We explore the risk that network attackers can exploit unauthenticated Network Time Protocol (NTP) traffic to alter the time on client systems. We first discuss how an on-path attacker, that hijacks traffic to an NTP server, can quickly shift time on the server's clients. Then, we present a extremely low-rate (single packet) denial-of-service attack that an off-path attacker, located anywhere on the network, can use to disable NTP clock synchronization on a client. Next, we show how an off-path attacker can exploit IPv4 packet fragmentation to shift time on a client. We discuss the implications on these attacks on other core Internet protocols, quantify their attack surface using Internet measurements, and suggest a few simple countermeasures that can improve the security of NTP.

Note: Revised according to NDSS'16 reviewer comments.

Available format(s)
Publication info
Published elsewhere. Minor revision.NDSS '16, 21-24 February 2016, San Diego, CA, USA
network securitynetwork time protocolNTPoff-path attacksdenial of service
Contact author(s)
goldbe @ cs bu edu
2016-01-07: last of 2 revisions
2015-10-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aanchal Malhotra and Isaac E.  Cohen and Erik Brakke and Sharon Goldberg},
      title = {Attacking the Network Time Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1020},
      year = {2015},
      doi = {10.14722/ndss.2016.23090},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.