[ntp:questions] NTP internal server?

George N. White III aa056 at chebucto.ns.ca
Sat Oct 28 18:55:17 UTC 2006


On Fri, 27 Oct 2006, Maarten Wiltink wrote:

> <metogroup at group.com> wrote in message
> news:QVi0h.7$3n2.2 at newreader.ukcore.bt.net...
>
>> I should have said, I am using an HTTP utility on the server to
>> synchronise with the Internet given that NTP is blocked.
>
> Talk about shooting yourself in the foot. Getting your time
> from HTTP responses is _vastly_ inferior to NTP.
>
> I'm also not quite sure what good they think they're doing. I'd
> say that HTTP is the more dangerous of the two.

Maybe the people who set the policy did a risk benefit analysis where 
"benefit of HTTP" was thought to be BIGNUM*"benefit of NTP" while 
"risk of HTTP" was only several times "risk of NTP".

> If they're worried about punching holes in their firewall, they
> could limit it to (NTP) traffic to and from an ISP NTP server.
> Presumably they trust their ISP for that, given that they trust
> everybody and his dog HTTP-wise.

Where I work, we do have holes in firewalls limited to particular machines
and external IP's, but they are high maintenance -- the holes tend to 
close whenever the configuration is tweaked, external sites reconfigure, 
etc.

c.t.p.ntp gets many requests for people looking for tools to deal with 
situations that are outside ntp's mandate:

1. cheap and easy ntp service for an isolated network

2. quickly sync a machine that runs intermittently or has 
intermittent/sporadic network connection but performs a time-critical task 
such as pointing a high-gain antenna at a satellite in a low orbit

It should be noted that it is often cheaper and easier to stick with bog 
standard configurations even if the result is overkill.  Many people 
assume a GPS time source will be hard/expensive.

-- 
George N. White III  <aa056 at chebucto.ns.ca>




More information about the questions mailing list