Re: NTP security

To: debian-security@lists.debian.org
Subject: Re: NTP security
From: Jamie Heilman <jamie@audible.transient.net>
Date: Sat, 10 Mar 2001 16:25:51 -0800
Message-id: <[🔎] 20010310162551.E12888@audible.transient.net>
In-reply-to: <[🔎] 15018.49409.590141.614437@viper.earth>; from ssahmed@pathcom.com on Sat, Mar 10, 2001 at 07:04:17PM -0500
References: <[🔎] 20010310034004.B12888@audible.transient.net> <[🔎] Pine.SOL.4.31.0103100953470.19324-100000@copland.udel.edu> <[🔎] 20010310124800.C12888@audible.transient.net> <[🔎] 15018.49409.590141.614437@viper.earth>

> So what is the most secure way of syncing time on a server ?

Coupling your server directly to an atomic clock, or some other source of
"hard" time, yeilds no network reliance at all, and is the most secure way.
Using bug free software is the most secure way to synchronize over a network.
ntpd could probably benefit from a good auditing as it is a reference
implmentation and those tend to get a rather unwieldy code-base.  (BIND
being a prime example)

> I noticed that /etc/services has a tcp entry for ntp. Is there any way
> (short of changing the code) to coax ntp to use tcp instead of udp ?

No, UDP is intrinsic to how NTP works.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
 next to you may not be who they appear to be, so take precaution."
						-Sathington Willoughby

Reply to:

Follow-Ups:
- Re: NTP security
  - From: Bryan Andersen <bryan@visi.com>

References:
- Re: NTP security
  - From: Jamie Heilman <jamie@audible.transient.net>
- Re: NTP security
  - From: Rishi L Khan <rishi@UDel.Edu>
- Re: NTP security
  - From: Jamie Heilman <jamie@audible.transient.net>
- Re: NTP security
  - From: S.Salman Ahmed <ssahmed@pathcom.com>

Prev by Date: Re: NTP security
Next by Date: Re: NTP security
Previous by thread: Re: NTP security
Next by thread: Re: NTP security
Index(es):
- Date
- Thread