[ntp:questions] OT: Solaris help - TOD service

David J Taylor david-taylor at blueyonder.neither-this-bit.nor-this-bit.co.uk
Fri Jun 13 15:01:13 UTC 2008


Peter Laws wrote:
> David J Taylor wrote:
>
>> Is there any good reason for inetd "to be switched off as a security
>> measure"?  Could the TOD service be provided stand-alone, instead of
>> within inetd?  Perhaps not....
>
> The services inetd calls are generally obsolete (rsh, rdate, telnet
> etc) or nearly so (ftp).  As a general rule, admins either comment
> everything out or disable inetd entirely.  Real, modern daemons, like
> sshd and httpd, run all the time and don't need to be called on
> demand.
> As noted, a bunch of the old "really cool in 1983" protocols like echo
> (port 7), discard (8), daytime (13), or the coolest of them all in
> 1983, chargen (19).  Telnet to these ports on a Solaris box,
> especially one that doesn't have Solaris 10, and you can see the wild
> and wonderful things they generate.
>
> You could, conceivably, remove everything else and just leave daytime
> configured ... but you've got to ask yourself "Why aren't they using
> NTP?"

Peter,

That's helpful, in that it seems what the admins on this Solaris system 
have done is at least, first-order, reasonable.

They aren't using NTP because, presumably, the Motorola cable modems don't 
use NTP.  This occurs during the boot sequence of the cable modems when, 
perhaps, very little intelligence is available.  Having said that, the 
modems can also download a new firmware image, and I would have thought 
that such an image could work with NTP.

The net result of lack of ToD is that any errors are timestamped 1970-x-x, 
making fault diagnosis rather more difficult.

Thanks for all the feedback folks, and I suggest we revert to the normal 
advertised topic!

Cheers,
David 
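
The hardening discussed in this thread (comment out every inetd entry except the one service still needed) can be checked mechanically. The following is an added example, not part of the original posts: it assumes the classic `inetd.conf` line format and that the TOD service is the `time` entry; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a classic inetd.conf: list every entry that is still enabled
# (not commented out) and is not on the site's allowlist.

# audit_inetd FILE "ALLOWED SERVICES"
# Prints one "service/protocol" line per enabled entry outside the allowlist.
audit_inetd() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }    # skip commented-out, blank or short lines
        !($1 in ok) { print $1 "/" $3 }  # field 1 = service, field 3 = protocol
    ' "$1"
}

# write_sample FILE
# Writes a constructed inetd.conf (not taken from any real host) for the demo.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
echo     stream  tcp  nowait  root  internal
echo     dgram   udp  wait    root  internal
#discard stream  tcp  nowait  root  internal
daytime  stream  tcp  nowait  root  internal
chargen  stream  tcp  nowait  root  internal
time     stream  tcp  nowait  root  internal
time     dgram   udp  wait    root  internal
#telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd in.telnetd
EOF
}

# Demo: only the time-of-day service is supposed to remain enabled.
sample=$(mktemp)
write_sample "$sample"
echo "Enabled inetd services outside the allowlist:"
audit_inetd "$sample" "time"
rm -f "$sample"
```

An empty result means only allowlisted services remain enabled in the file; inetd still has to re-read its configuration before the change takes effect.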




