[ntp:hackers] Cool new stuff

Steve Kostecke kostecke at ntp.isc.org
Thu Oct 26 11:35:23 PDT 2006


"David L. Mills" said:

>I need to understand the pivotal issue here. If symmetric or public key 
>authentication is not in use, there is no change in access semantics. If 
>it is in use and an intruder does not know the key, the behavior is 
>unchanged. The only case different than before is when the intruder does 
>know the key. In the original design, that intruder would be blocked as 
>well; in the present design that intruder would not be blocked.

A common problem that we've seen in the newsgroup is reports that
following an upgrade from NTP <= 4.1.x to 4.2.x the clients were no
longer able to get time from that server.

In virtually every case it turned out that the time server had 'notrust'
on a restrict line that applied to the affected subnet. Removing the
'notrust' restriction always solved the problem.

The time server operators were using this to tell ntpd not to accept the
time from the "clients". Perhaps this was a misuse of that restriction.
But it was certainly a common one.

-- 
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project http://ntp.isc.org/
Public Key at http://ntp.isc.org/Users/SteveKostecke
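
Added example, not part of the original message and not ntpd code: a small audit that reports which `restrict` line governs a given client address and whether that line carries `notrust`, the condition the message above describes as cutting off clients after an upgrade to 4.2.x. The sample configuration and addresses are constructed, only IPv4 address/mask entries are handled, and choosing the most specific matching entry is a simplifying assumption about how ntpd selects a restriction.

```python
import ipaddress

# Constructed sample ntp.conf (not from the original message).
SAMPLE_CONF = """\
# server config carried over from a 4.1.x install
restrict default nomodify notrap
restrict 127.0.0.1
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrust
restrict 10.0.0.0 mask 255.0.0.0 nomodify
"""

def parse_restricts(conf_text):
    """Return a list of (network, flags, line_no) for IPv4 restrict lines."""
    entries = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        mask = "255.255.255.255"                # a bare address is a host entry
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue                            # hostname or IPv6: out of scope here
        entries.append((net, set(rest), line_no))
    return entries

def effective_entry(entries, client_ip):
    """Pick the most specific restrict entry covering client_ip (assumption)."""
    ip = ipaddress.ip_address(client_ip)
    matches = [e for e in entries if ip in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None

def audit_client(conf_text, client_ip):
    """Return (line_no, has_notrust) for the entry that governs client_ip."""
    entry = effective_entry(parse_restricts(conf_text), client_ip)
    if entry is None:
        return (None, False)
    return (entry[2], "notrust" in entry[1])

if __name__ == "__main__":
    for ip in ("192.168.10.25", "10.1.2.3", "203.0.113.9"):
        line_no, flagged = audit_client(SAMPLE_CONF, ip)
        note = "notrust applies: review before upgrading" if flagged else "no notrust"
        print(f"{ip}: restrict line {line_no}: {note}")
```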

