[ntp:hackers] Using authentication
Harlan Stenn
stenn at ntp.org
Sat Nov 7 07:06:56 UTC 2015
Hal Murray writes:
>
> stenn at ntp.org said:
> >> Brian Utterback writes:
> ...
> >> However, the change doesn't actually fix the problem it just makes the
> >> window of opportunity smaller. The only real fix is to use authentication.
>
> > I'm not really sure that's true either.
> > - use enough NTP servers
> > - monitor your ntpd instances
>
> How many is enough? As far as I can see, adding more servers just
> makes the window smaller. You might have an interesting point, but
> you haven't provided any numbers to show that it's practical to add
> enough servers to make the window small enough.
How about using the "pool" directive and let it decide the right amount?
> Is monitoring really going to solve the problem? What are you going
> to do when you notice something fishy going on?
Solve it? Maybe not. Detect when there is a problem and provide the
opportunity to make some new conscious choices? Probably.
But it's a step in the right direction.
--
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!
More information about the hackers
mailing list