From owner-freebsd-security  Fri Jul  5 21:44:19 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 53E5737B400
	for <freebsd-security@FreeBSD.ORG>; Fri,  5 Jul 2002 21:44:17 -0700 (PDT)
Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AC7F243E09
	for <freebsd-security@FreeBSD.ORG>; Fri,  5 Jul 2002 21:44:16 -0700 (PDT)
	(envelope-from danderse@cs.utah.edu)
Received: from famine.cs.utah.edu (famine.cs.utah.edu [155.99.198.114])
	by wrath.cs.utah.edu (8.11.6/8.11.6) with ESMTP id g664i7D16705;
	Fri, 5 Jul 2002 22:44:07 -0600 (MDT)
Received: by famine.cs.utah.edu (Postfix, from userid 2146)
	id 0138A23A77; Fri,  5 Jul 2002 22:44:06 -0600 (MDT)
Date: Fri, 5 Jul 2002 22:44:06 -0600
From: "David G . Andersen" <danderse@cs.utah.edu>
To: Ross Wheeler <rossw@albury.net.au>
Cc: twig les <twigles@yahoo.com>,
	Brian Reichert <reichert@numachi.com>,
	Kim Okasawa <kimokasawa@hotmail.com>, _@r4k.net,
	freebsd-security@FreeBSD.ORG
Subject: Re: NTP security - (was Any security issues with root's cron job?)
Message-ID: <20020705224406.B23004@cs.utah.edu>
References: <20020706032916.35363.qmail@web10105.mail.yahoo.com> <Pine.BSF.4.31.0207061350010.24921-100000@giroc.albury.net.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.BSF.4.31.0207061350010.24921-100000@giroc.albury.net.au>; from rossw@albury.net.au on Sat, Jul 06, 2002 at 01:52:13PM +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Ross Wheeler just mooed:
> 
> Whip over to ebay, buy a cheap second-hand GPS and cable, stick it into
> one of your servers and presto - instant "stratum 1" time reference for

  One thing to note with this approach is that you have to pick
your GPS carefully.  Hand-helds often have really terrible time output;
a friend of mine used his PCMCIA GPS and was getting worse-than-NTP
time from it.  If you can find it, look for a model that's optimized
for time synch.  Trimble, UT+, etc.  There's a good list of them in
the NTP faq at http://www.ntp.org/

> under a hundred bucks. Under your control (I can't see anyone taking over
> or DoSing the whole of the GPS network any time soon, do you?)

  Certainly not to attack one internet site, at least. :)

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message