[ntp:hackers] Using authentication

Harlan Stenn stenn at ntp.org
Sat Nov 7 07:06:56 UTC 2015


Hal Murray writes:
> 
> stenn at ntp.org said:
> >> Brian Utterback writes:
> ...
> >> However, the change doesn't actually fix the problem it just makes the 
> >> window of opportunity smaller. The only real fix is to use authentication.
> 
> > I'm not really sure that's true either.
> > - use enough NTP servers
> > - monitor your ntpd instances 
> 
> How many is enough?  As far as I can see, adding more servers just
> makes the window smaller.  You might have an interesting point, but
> you haven't provided any numbers to show that it's practical to add
> enough servers to make the window small enough.

How about using the "pool" directive and let it decide the right amount?

> Is monitoring really going to solve the problem?  What are you going
> to do when you notice something fishy going on?

Solve it? Maybe not.  Detect when there is a problem and provide the
opportunity to make some new conscious choices?  Probably.  

But it's a step in the right direction.
-- 
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!


More information about the hackers mailing list