[ntp:questions] NTP internal server?
George N. White III
aa056 at chebucto.ns.ca
Sat Oct 28 18:55:17 UTC 2006
On Fri, 27 Oct 2006, Maarten Wiltink wrote:
> <metogroup at group.com> wrote in message
> news:QVi0h.7$3n2.2 at newreader.ukcore.bt.net...
>> I should have said, I am using an HTTP utility on the server to
>> synchronise with the Internet given that NTP is blocked.
> Talk about shooting yourself in the foot. Getting your time
> from HTTP responses is _vastly_ inferior to NTP.
> I'm also not quite sure what good they think they're doing. I'd
> say that HTTP is the more dangerous of the two.

Maybe the people who set the policy did a risk-benefit analysis where
"benefit of HTTP" was thought to be BIGNUM*"benefit of NTP" while
"risk of HTTP" was only several times "risk of NTP".

> If they're worried about punching holes in their firewall, they
> could limit it to (NTP) traffic to and from an ISP NTP server.
> Presumably they trust their ISP for that, given that they trust
> everybody and his dog HTTP-wise.

Where I work, we do have holes in firewalls limited to particular machines
and external IPs, but they are high maintenance -- the holes tend to
close whenever the configuration is tweaked, external sites reconfigure,
c.t.p.ntp gets many requests for people looking for tools to deal with
situations that are outside ntp's mandate:

1. cheap and easy ntp service for an isolated network

2. quickly sync a machine that runs intermittently or has
   intermittent/sporadic network connection but performs a time-critical task
   such as pointing a high-gain antenna at a satellite in a low orbit

It should be noted that it is often cheaper and easier to stick with bog
standard configurations even if the result is overkill. Many people
assume a GPS time source will be hard/expensive.

George N. White III <aa056 at chebucto.ns.ca>