[CLUE-Tech] NTP Questions

Jed S. Baer thag at frii.com
Fri Jan 11 22:46:16 MST 2002


Howdy, folks.

Well, I've been reading the ntp docs, and I'm finding them somewhat vague.
So here's a dumb question.

Somewhere, amidst the /usr/share/doc/ntp-4.0.99k/ files, I saw a reference
(can't find it now, of course), stating that if you don't have your ntp
daemon properly secured, other ntp users could fiddle with your system
clock. From the supplied ntp.conf file (guess that's where it was):

# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.

So, my question is, is there a known set of restrict (or other) options
which will tell the ntp daemon "don't do anything but query your upstreams
to set my local clock", and deny anything else? IOW, be only a client, not
a server.

Um, the security supplied by the /etc/ntp/keys file looks easily
crackable, to me.

I suppose the other option is to set up an IPTables filter for UDP on the
ntp port.

Cheers,
jed
-- 
"Those who expect to reap the blessings of freedom must, like men,
 undergo the fatigue of supporting it."
 - Thomas Paine
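
[Added example, not part of the original message and not taken from the ntp documentation: a client-only ntp.conf sketch using restrict lines of the kind the question asks about. The upstream address 192.0.2.1 is a placeholder assumption; substitute the real server's address.]

```conf
# ntp.conf -- client-only sketch (added example; addresses are placeholders)

# Default policy: ignore every NTP packet from every source. This covers
# time requests as well as ntpq/ntpdc status queries and runtime
# configuration requests.
restrict default ignore

# The local host keeps full access, so ntpq/ntpdc still work when run
# on this machine.
restrict 127.0.0.1

# Upstream server. Because the default above is "ignore", each upstream
# needs its own restrict line, or its replies are dropped and the clock
# never synchronizes.
#   nomodify - it cannot change the running configuration
#   notrap   - it cannot register for control-message traps
#   noquery  - it cannot send ntpq/ntpdc queries
# Do not add "noserve" here: that flag would also discard the server's
# time replies.
server 192.0.2.1
restrict 192.0.2.1 mask 255.255.255.255 nomodify notrap noquery
```

Running `ntpq -p` on the machine itself shows whether the upstream is still reachable once the restrict lines are in place.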


