[ntp:questions] Why do many time servers time out on queries from ntpq -p?

Ryan Malayter malayter at gmail.com
Sun Apr 13 14:17:50 UTC 2008


On Apr 12, 7:23 pm, Steve Kostecke <koste... at ntp.org> wrote:
> > The answer is security.
>
> It also denies the users of a time server potentially valuable
> information about that server's time sources.
>
> You may find it acceptable to use a block box time source with
> un-auditable time sources. I do not.
>

There is nothing about the ntpq output that couldn't be trivially
faked by a malicious server operator. Mode 6/7 capability adds no true
security or assurance to the users of an ntp server. Authentication
does not solve this problem either.

In reality, all public ntp servers are "black boxes", because you
can't trust anything they tell you, including the time. This is why
you configure a diverse set of time servers.

--
RPM




More information about the questions mailing list