Firewall Wizards mailing list archives

Re: NTp config - for the databases :}


From: kees () echelon nl (Kees Hendrikse)
Date: Fri, 13 Mar 1998 09:06:53 +0100 (MET)


time by spoofing only **one** of your 18 reference servers. NTP will happily
follow this one phoney server, as long as it believes the other 17 are dead. 
I don't even have to be careful with time changes. Now that the phoney server
is the only reference, NTP will follow it all the way.

The catch is that the stratum2s are also peering to each other, so unless
your spoofed reference is more stable than the combined clock of the three
they will ignore it.

I'm sorry, but you're wrong. 
You are left with only *one* stratum-2 system; the others will drop to
stratum-3 or lower for lack of a stratum-1 reference. These stratum-3
systems peer to each other and use your only stratum-2 left as their
single point of reference. 

Try it. Block all incoming ntp-traffic except the traffic from one of the
external servers. You might be surprised as to how quickly ntp adapts. 

-- 
Kees Hendrikse                               | email:     kees () echelon nl
                                             | web:        www.echelon.nl
ECHELON consultancy and software development | phone: +31 (0)53 48 36 585
PO Box 545, 7500AM Enschede, The Netherlands | fax:   +31 (0)53 43 36 222
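
Added example, not part of the original post: a monitoring check for the condition this message describes, where a host is left with a single reachable reference and follows it unchecked. It assumes the standard `ntpq -pn` peers billboard column layout; the sample output, its addresses and the `min_live` threshold are constructed for illustration.

```python
# Flag an NTP host whose time selection rests on too few live sources.
# SAMPLE is constructed `ntpq -pn` style output (documentation address ranges).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.301    0.412   0.210
 198.51.100.7    .INIT.          16 u    -   64    0    0.000    0.000   0.000
 203.0.113.5     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Return one dict per peer line of an ntpq peers billboard."""
    peers = []
    for line in text.splitlines():
        # Skip blank lines, the ruler and the column header.
        if not line.strip() or line.startswith("=") or "refid" in line:
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) < 10:
            continue
        peers.append({
            "tally": tally,                  # '*' marks the selected system peer
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),      # octal register of the last 8 polls
            "offset_ms": float(fields[8]),
        })
    return peers

def assess(peers, min_live=3):
    """Live = answered at least one of the last 8 polls and is not stratum 16.
    min_live is an assumed policy threshold, not an NTP constant."""
    live = [p for p in peers if p["reach"] != 0 and p["stratum"] < 16]
    findings = []
    if len(live) < min_live:
        findings.append(f"only {len(live)} of {len(peers)} sources reachable")
    if len(live) == 1:
        findings.append(
            f"clock follows {live[0]['remote']} with nothing to cross-check it")
    return live, findings

if __name__ == "__main__":
    for finding in assess(parse_peers(SAMPLE))[1]:
        print("ALERT:", finding)
```

Alerting on the count of live sources, rather than on offset, catches the situation before the surviving reference has moved the clock at all.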


