- To: slug-chat@xxxxxxxxxxx
- Subject: Re: [chat] What's the time?
- From: Tony Green <tgreen@xxxxxxxxxxx>
- Date: Thu Nov 1 08:13:02 2001
- User-agent: Mutt/1.3.23i
* This one time, at band camp, Steve Kowalik said:
> At 10:43 pm, Wednesday, October 31 2001, Adrian van den Dries mumbled:
> > Well, there was no response.
> >
> But, how long did you wait?
>
> > Would anyone, Jeff or otherwise, like to expound the graces or evils of
> > NTP?
> >
> NTP _rocks_. Simply, it works. I'm only on a dialup, which is only connected
> about half the day, and yet, it still manages to sync my clock perfectly.
> And, on the odd occasion it breaks, I kill it, run ntpdate, start the
> daemon, and within 5 minutes I'm in-sync again?
> Is this bad because it doesn't talk to LDAP, have a Gnome front-end, or have
> Pants in it? Of course not. I stand by my point, NTP rocks.
>
Now that's the level of argument we like to see on slug-chat.. XXX
rocks!! ;-)
I use NTP a lot and agree with MOST of what Steve said. However, it is
worth pointing out some little problems with it.
A recent security hole with virtually ALL releases of NTP caused a
successful crack of computers at a company I was working at a while
back. This is made easier by the firewall restrictions which NTP forces
upon us.
It communicates, via UDP, over socket 123 for normal operations. This
means that both local and remote servers communicate over the same port
number during the conversation (no high ports here). This makes it
harder to block - you have to manually set each NTP server in your
firewall rules.
Also the ACLs, within NTP, which people rely on to block unwanted
attempts are not foolproof (though what is). Since it primarily uses
UDP, it is not as hard to spoof packets through which will pass the
ACLs' tests.
All in all it's a good server IMHO, however there are a few things that I
would be cautious about when using it in a non-dialup environment.
HTH
Greeno
--
Greeno <tgreen@xxxxxxxxxxx>
GnuPG Key : 1024D/B5657C8B
Key fingerprint = 9ED8 59CC C161 B857 462E 51E6 7DFB 465B B565 7C8B
Imagine working in a secure environment and finding the string
_NSAKEY in the OS binaries without a good explanation
-Alan Cox 04/05/2001
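
Added example, not part of the original message: a small Python model of the stateless filter the message describes, with one inbound rule per NTP server because both ends use UDP port 123, and of why a rule keyed on header fields cannot tell a genuine reply from a datagram whose source address field merely claims a listed server. All addresses (RFC 5737 documentation ranges), names and packets are constructed for illustration.

```python
from dataclasses import dataclass

NTP_PORT = 123  # NTP uses UDP 123 as both source and destination port


@dataclass(frozen=True)
class Datagram:
    """Only the header fields a stateless filter can inspect."""
    src: str
    sport: int
    dst: str
    dport: int


def build_inbound_rules(ntp_servers, local_host):
    """One allow rule per upstream server: UDP 123 -> 123 to our host."""
    return [Datagram(server, NTP_PORT, local_host, NTP_PORT)
            for server in ntp_servers]


def inbound_allowed(rules, pkt):
    """Default deny; pass only an exact header match against a rule."""
    return pkt in rules


def evaluate(rules, labelled_packets):
    """Return {label: 'pass' | 'drop'} for each constructed datagram."""
    return {label: ("pass" if inbound_allowed(rules, pkt) else "drop")
            for label, pkt in labelled_packets.items()}


# Constructed sample data (hypothetical host and server addresses).
LOCAL = "203.0.113.5"
SERVERS = ["192.0.2.10", "192.0.2.11"]
RULES = build_inbound_rules(SERVERS, LOCAL)

PACKETS = {
    "reply from listed server": Datagram("192.0.2.10", 123, LOCAL, 123),
    "unlisted host, port 123": Datagram("198.51.100.7", 123, LOCAL, 123),
    "listed address, high source port": Datagram("192.0.2.11", 40000, LOCAL, 123),
    # Header is identical to the genuine reply, so the filter cannot differ.
    "source field claims listed server": Datagram("192.0.2.10", 123, LOCAL, 123),
}

if __name__ == "__main__":
    for label, verdict in evaluate(RULES, PACKETS).items():
        print(f"{verdict:4}  {label}")
```

Per-server rules narrow who can reach the daemon, but they do not authenticate the sender; ntpd's symmetric-key authentication is the control that addresses that gap.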