[ntp:questions] Secure NTP

jimp at specsol.spam.sux.com jimp at specsol.spam.sux.com
Thu Mar 24 23:18:07 UTC 2011


Hal Murray <hal-usenet at ip-64-139-1-69.sjc.megapath.net> wrote:
> In article <ghps58-1a.ln1 at mail.specsol.com>,
> jimp at specsol.spam.sux.com writes:
> 
>>When I see questions like this my first response is "Why all the bother?".
>>
>>There is nothing secret or proprietary about the time of day.
>>
>>Since all NTP servers provide UTC, the service reveals nothing about the
>>machine other than the fact that the clock is correct.
>>
>>If you don't want your resources utilized by outsiders, you just block
>>access to the NTP port for everyone but your own clients as a blocked
>>port uses less resources than denying an unsuccessful authorization does.
>>
>>Am I missing something??
> 
> Yes.  The encryption also verifies that you are talking to the
> server you think you are talking to rather than an imposter.

If you specify the server by IP address, how does that happen and who
would bother to do it?

IP hijacking will disrupt a lot more than just NTP.

If your server and its clients are on a corporate network, which is the
usual case for having one's own server, how does this happen?
 

-- 
Jim Pennino

Remove .spam.sux to reply.



