Attacking the Network Time Protocol


### Rating (1--4):
+ 4: Strong Accept -- This paper has a place at a top security venue

### What did this paper do well?

+ The paper provided very thorough explanations of various NTPD attacks and recommendations on defending against such attacks. Details are plentiful yet well organized.
+ The paper used detailed attack scenarios and did an excellent job of illustrating the vulnerabilities.
+ The paper provided interesting statistics regarding vulnerable servers, giving readers a good sense of the attack surface of each category of NTPD attacks.
+ Real-life impacts were confirmed by several related CVE releases.

### Where did this paper fall short?

+ Does not know exactly what will cause the bad time server pinning attack to succeed.

### What did you learn from reading this paper?

+ Different negative effects on different systems/protocols (TLS, DNSSEC, RPKI, ...) when NTP is compromised
+ Different ways to attack NTPD (on-path methods and off-path methods)
+ There are "holes" in current NTPD standards that can be exploited (in fact, different ntpd standards also react differently to the same exploit)
+ Classic TCP/IP attack strategies (like fragmentation) are still very valuable. 

### What questions do you have about the paper or the area?

+ How do clients and servers maintain the accuracy of the response packets (with time values within) considering network delays and other delays?
+ What is the current state of mode 3 and mode 4 responses? Are mode 3 packets authenticated now?
+ Why does the most recent NTPD implementation allow the poll field in KoDs to be more than 17? (As a measure against DDoS?)
+ Among all of the NTPD attack methods, which one is the most effective? How can that attack be prevented?
+ Communication is usually two-way; how come the other end is not able to correct this end's time?