Date: Sat, 11 Aug 2001 11:40:58 -0400 From: "Louis A. Mamakos" <louie@TransSys.COM> To: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> Cc: Lamont Granquist <lamont@scriptkiddie.org>, "'freebsd-stable@freebsd.org'" <freebsd-stable@FreeBSD.ORG> Subject: Re: (OT) Re: NTPD in upcoming release? Message-ID: <200108111540.f7BFewn01097@whizzo.transsys.com> In-Reply-To: Your message of "Sat, 11 Aug 2001 09:29:21 EDT." <13790000.997536561@vpn48.ece.cmu.edu> References: <20010810221054.F26163-100000@coredump.scriptkiddie.org> <13790000.997536561@vpn48.ece.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Friday, August 10, 2001 22:22:05 -0700, Lamont Granquist > <lamont@scriptkiddie.org> wrote: > +----- > | Its an ugly, ugly, ugly hack that needs to be replaced with something much > | more robust. I agree. But you know tomorrow you could have security > | holes in both IIS and ntp released, and some asshole could adapt code red > | to it with a secondary payload that attacked ntpd servers and executed "rm > | -rf /" That'd probably really suck. > +--->8 > > In a sense, the real hack is syncing time over the Internet. The "correct" > fix is to sync to commonly available and inexpensive GPS clocks, use NTP > only within an internal network, and block NTP packets from outside the > network completely (if ntpd's own code isn't trusted for this, stick a > hosts_access() call immediately after the packet receive). No, what NTP does is set the time of your system to the *correct* time, and not just synchronized to some other clock. There's an advantage to peering with multiple clocks so that you can detect an insane/broken clock, even one based on using a GPS receiver that you might own. The algorithms for peer selection are every bit as important at the ones which determine offset and delay times. louie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108111540.f7BFewn01097>