Robustness

The timestamp exchange process could be exploited by an adversary to create an overload of processing and network usage. This could lead to the attacked node not being able to participate in other timestamp exchanges or perhaps any communication at all. This would be a typical DoS attack.

An evildoer, or just a misconfigured host, could transmit thousands of the timestamp exchange challenge messages within a very short period of time, all aimed at the same host. This would cause the receiving host to generate and transmit signed replies to all the challenges. To avoid this, a timer is set for the originators of all received challenges. Any new received challenges from the same host while the timer has not timed out, are discarded. Due to the signing of the challenge messages, an attacker cannot spoof the sender address of challenge messages. An attacker could however, record all challenge messages directed to a host for a long period of time and launch them all within a short period of time. But as timestamp entries are cached within nodes, the timestamp exchange process will not be initiated very frequently. Therefore, this amount of messages would not be extensive.