nanog mailing list archives
Re: ntp config tech note
From: Crist Clark <crist.clark () globalstar com>
Date: Fri, 21 May 2004 09:50:21 -0700
C. Jon Larsen wrote:
[snip]
> It's interesting to hear what other folks are doing. I had assumed folks normally don't run ntpd on each and every server and that ntpdate + cron was much preferred; maybe I am off-base.
After the last "big" xntpd vulnerability a few years ago, I went through and made sure that I had the permissions set appropriately,

    restrict <server1> noquery nomodify
    restrict <server2> noquery nomodify
    ...
    restrict 127.0.0.1 nomodify
    restrict default ignore

On UNIXen servers. Of course, I upgraded my daemons where possible, but the vulnerability occurred late enough in the message processing that the appropriate restrictions prevented exploit (the packet was dropped before the vulnerable code was reached). Of course, there still is the potential for vulnerabilities very, very early in message processing, or in spoofed query responses if someone knows what servers I use and is behind the firewall.

But overall, I like it much better than what the UNIX admin here used to do,

    0 2 * * * rdate timehost

--
Crist J. Clark crist.clark () globalstar com
Globalstar Communications (408) 933-4387
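Added example, not part of the original post: a small audit of an ntp.conf against the restrict policy quoted above, resolving which flags apply to a given source address by most-specific match, as ntpd's restriction list does. The server addresses are constructed placeholders, and the sketch assumes numeric IPv4 addresses on the server and restrict lines.

```python
import ipaddress

# Constructed ntp.conf in the shape quoted in the post. The two server
# addresses are documentation-range placeholders (assumption).
SAMPLE_CONF = """\
server 192.0.2.10
server 192.0.2.11
restrict 192.0.2.10 noquery nomodify
restrict 192.0.2.11 noquery nomodify
restrict 127.0.0.1 nomodify
restrict default ignore
"""

def parse_restrict(conf):
    """Return [(network, flags)] for each IPv4 'restrict' line."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "32"
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        net = "0.0.0.0/0" if addr == "default" else f"{addr}/{mask}"
        rules.append((ipaddress.ip_network(net, strict=False), frozenset(rest)))
    return rules

def effective_flags(rules, source):
    """Flags of the most specific rule covering source (none: no flags)."""
    ip = ipaddress.ip_address(source)
    hits = [r for r in rules if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else frozenset()

def audit(conf):
    """List deviations from the posted policy; empty list means it matches."""
    rules, findings = parse_restrict(conf), []
    if not any(n.prefixlen == 0 and "ignore" in f for n, f in rules):
        findings.append("no 'restrict default ignore'")
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "server":
            flags = effective_flags(rules, tok[1])
            if "ignore" in flags:
                findings.append(f"{tok[1]}: time replies would be ignored")
            elif not {"noquery", "nomodify"} <= flags:
                findings.append(f"{tok[1]}: lacks noquery/nomodify")
    return findings
```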