Date:      Sat, 11 Aug 2001 11:40:58 -0400
From:      "Louis A. Mamakos" <louie@TransSys.COM>
To:        "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Cc:        Lamont Granquist <lamont@scriptkiddie.org>, "'freebsd-stable@freebsd.org'" <freebsd-stable@FreeBSD.ORG>
Subject:   Re: (OT) Re: NTPD in upcoming release? 
Message-ID:  <200108111540.f7BFewn01097@whizzo.transsys.com>
In-Reply-To: Your message of "Sat, 11 Aug 2001 09:29:21 EDT." <13790000.997536561@vpn48.ece.cmu.edu> 
References:  <20010810221054.F26163-100000@coredump.scriptkiddie.org> <13790000.997536561@vpn48.ece.cmu.edu> 

> On Friday, August 10, 2001 22:22:05 -0700, Lamont Granquist 
> <lamont@scriptkiddie.org> wrote:
> +-----
> | It's an ugly, ugly, ugly hack that needs to be replaced with something much
> | more robust.  I agree.  But you know tomorrow you could have security
> | holes in both IIS and ntp released, and some asshole could adapt code red
> | to it with a secondary payload that attacked ntpd servers and executed "rm
> | -rf /"  That'd probably really suck.
> +--->8
> 
> In a sense, the real hack is syncing time over the Internet.  The "correct" 
> fix is to sync to commonly available and inexpensive GPS clocks, use NTP 
> only within an internal network, and block NTP packets from outside the 
> network completely (if ntpd's own code isn't trusted for this, stick a 
> hosts_access() call immediately after the packet receive).

No, what NTP does is set the time of your system to the *correct* time,
and not just synchronized to some other clock.  There's an advantage to
peering with multiple clocks so that you can detect an insane/broken
clock, even one based on using a GPS receiver that you might own.  The
algorithms for peer selection are every bit as important as the ones
which determine offset and delay times.

louie
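
Added example (not part of the original message, and not ntpd's code): a simplified Marzullo-style interval intersection, the idea NTP's peer selection builds on, showing how several peers expose a broken local GPS clock. The peer names, offsets and error bounds are constructed sample data, and `select_truechimers` is a hypothetical helper.

```python
# Added illustration of Marzullo-style interval intersection; not ntpd source.
# Peer names, offsets and error bounds are constructed sample data (seconds).
SAMPLE_PEERS = {
    "gps-local": (2.500, 0.001),   # broken receiver: confident but far off
    "peer-a": (0.012, 0.030),
    "peer-b": (-0.004, 0.025),
    "peer-c": (0.020, 0.040),
}

def select_truechimers(peers):
    """peers maps name -> (offset, max_error).

    Returns (lo, hi, truechimers, falsetickers), or None when no interval
    is shared by a strict majority, i.e. the clocks cannot be arbitrated.
    """
    edges = []
    for offset, err in peers.values():
        edges.append((offset - err, 0))   # 0 = interval opens (sorts first on ties)
        edges.append((offset + err, 1))   # 1 = interval closes
    edges.sort()

    best = depth = 0
    lo = hi = None
    for i, (value, kind) in enumerate(edges):
        if kind == 0:
            depth += 1
            if depth > best:              # deepest overlap seen so far
                best, lo, hi = depth, value, edges[i + 1][0]
        else:
            depth -= 1

    if best * 2 <= len(peers):
        return None
    good = sorted(n for n, (o, e) in peers.items() if o - e <= lo and o + e >= hi)
    bad = sorted(n for n in peers if n not in good)
    return lo, hi, good, bad

if __name__ == "__main__":
    print(select_truechimers(SAMPLE_PEERS))
    # Two clocks that disagree: neither can be declared the broken one.
    print(select_truechimers({"gps-local": (2.500, 0.001), "peer-a": (0.012, 0.030)}))
```

A single clock always passes this check, and two disagreeing clocks return `None`, so a majority of agreeing sources is needed before the outlier can be rejected.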
