Firewall Wizards mailing list archives
Re: NTp config - for the databases :}
From: kees () echelon nl (Kees Hendrikse)
Date: Fri, 13 Mar 1998 09:06:53 +0100 (MET)
time by spoofing only **one** of your 18 reference servers. NTP will happily follow this one phoney server, as long as it believes the other 17 are dead. I don't even have to be careful with time changes. Now that the phoney server is the only reference, NTP will follow it all the way.That catch is that the stratum2s are also peering to each other, so unless your spoofed reference is more stable than the combined clock of the three they will ignore it.
I'm sorry, but you're wrong. You are left with only *one* stratum-2 system; the others will drop to stratum-3 or lower by lack of a stratum-1 reference. These stratum-3 systems peer to each other and use your only stratum-2 left as there single point of reference. Try it. Block all incoming ntp-traffic except the traffic from one of the external servers. You might be surprised as to how quickly ntp adapts. -- Kees Hendrikse | email: kees () echelon nl | web: www.echelon.nl ECHELON consultancy and software development | phone: +31 (0)53 48 36 585 PO Box 545, 7500AM Enschede, The Netherlands | fax: +31 (0)53 43 36 222
Current thread:
- RE: DNS -vs- the firewall: security thoughts Joe Ippolito - President SVNPA (Mar 11)
- NTp config - for the databases :} Bret Watson (Mar 12)
- Re: NTp config - for the databases :} Kees Hendrikse (Mar 12)
- Re: NTp config - for the databases :} Bret Watson (Mar 12)
- Re: NTp config - for the databases :} Kees Hendrikse (Mar 13)
- Re: NTp config - for the databases :} Bret Watson (Mar 13)
- Re: NTp config - for the databases :} Kees Hendrikse (Mar 12)
- Re: NTp config - for the databases :} Joseph S. D. Yao (Mar 13)
- Re: NTp config - for the databases :} John Painter (Mar 14)
- NTp config - for the databases :} Bret Watson (Mar 12)
- Firewall Audit Programme/checklist Bret Watson (Mar 16)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 16)
- Re: Firewall Audit Programme/checklist Chad Schieken (Mar 16)
- Re: Firewall Audit Programme/checklist Bret Watson (Mar 17)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 17)
- Re: Firewall Audit Programme/checklist blast (Mar 17)
- Re: Firewall Audit Programme/checklist tqbf (Mar 16)