[ntp:questions] Re: NTP sync
kudzu at tenebras.com
Tue Sep 23 12:07:02 UTC 2003
Brad Knowles wrote:

> So, what if you're on a wireless network, and the only way to get
> anywhere at all is over an IPSec tunnel?

How do ISAKMP messages get through? UDP traffic on port 500
isn't tunneled. How would NTP traffic get through? An exercise
left to the reader.

Another thing -- if you regard NTP to be a critical service, and
are concerned with security and avoiding potential threats, it's
better for any number of reasons to use the built-in auth methods.
How, for example, does an application running on a host verify that
a VPN tunnel is in force? It can't. Validating messages makes
sense, all the more so because NTP uses UDP.
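
Added example, not part of the original post: per-message validation done by the receiver itself, using the classic NTP symmetric-key MAC (a 32-bit key ID followed by MD5 over the shared key and the 48-byte header), so the check holds whether or not a tunnel is in force. The key table, key value and sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest

# Constructed key table, playing the role of ntpd's keys file (key ID -> secret).
KEYS = {1: b"constructed-shared-secret"}

def sign(header: bytes, key_id: int, keys=KEYS) -> bytes:
    """Append key ID and MD5(key || header) to a 48-byte NTP header."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = hashlib.md5(keys[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet: bytes, keys=KEYS) -> str:
    """Classify a datagram: ok, unauthenticated, malformed, unknown-key or bad-mac."""
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"          # no MAC at all: policy decides whether to drop
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"
    expected = hashlib.md5(key + header).digest()
    # Constant-time comparison so the check does not leak digest prefixes.
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-mac"

def sample_header() -> bytes:
    # Constructed server reply: LI=0, VN=3, mode=4, stratum 2; timestamps left zero.
    return bytes([0x1C, 2, 6, 0xEC]) + bytes(44)

if __name__ == "__main__":
    good = sign(sample_header(), 1)
    spoofed = bytes([good[0], 1]) + good[2:]   # stratum altered in transit
    print(verify(good), verify(spoofed), verify(sample_header()))
```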