|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: NTp config - for the databases :}
Kees Hendrikse (kees
echelon.nl)
Fri, 13 Mar 1998 09:06:53 +0100 (MET)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Joe Ippolito: "RE: DNS -vs- the firewall: security thoughts"
- Previous message: Paul McNabb: "Re: Proxy firewall design."
- Maybe in reply to: Darren Reed: "Proxy firewall design."
- Next in thread: Bret Watson: "Re: NTp config - for the databases :}"
- Reply: Bret Watson: "Re: NTp config - for the databases :}"
> >time by spoofing only **one** of your 18 reference servers. NTP will happily
> >follow this one phoney server, as long as it believes the other 17 are dead.
> >I don't even have to be careful with time changes. Now that the phoney server
> >is the only reference, NTP will follow it all the way.
>
> That catch is that the stratum2s are also peering to each other, so unless
> your spoofed reference is more stable than the combined clock of the three
> they will ignore it.
I'm sorry, but you're wrong.
You are left with only *one* stratum-2 system; the others will drop to
stratum-3 or lower by lack of a stratum-1 reference. These stratum-3
systems peer to each other and use your only stratum-2 left as there
single point of reference.
Try it. Block all incoming ntp-traffic except the traffic from one of the
external servers. You might be surprised as to how quickly ntp adapts.
-- Kees Hendrikse | email: kees
- Next message: Joe Ippolito: "RE: DNS -vs- the firewall: security thoughts"
- Previous message: Paul McNabb: "Re: Proxy firewall design."
- Maybe in reply to: Darren Reed: "Proxy firewall design."
- Next in thread: Bret Watson: "Re: NTp config - for the databases :}"
- Reply: Bret Watson: "Re: NTp config - for the databases :}"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:40 CDT