Hi,

If you are thinking about attackers (resp. cybersecurity), I don't think there is any way to avoid misuse using NTP. You can have some additional checks etc., but if somebody can intercept/fake NTP traffic or replace the server, they will, sooner or later, achieve full control of your system clock (e.g. even if you avoid time jumps, they can slow it down or speed it up to achieve any time they want).

The only "safe" solution is to use some secure/encrypted protocol, like NTS or a shared key.

Greets, Ariel


On 04.02.26 17:50, Bernd Brandstetter wrote:
Hello.

On 2/4/26 17:27, Rob Janssen wrote:
or a last-known-good time, which will be saved to a file once a day.
But that would be a disaster waiting to happen!
What happens when your system syncs to an invalid time in the future?

I thought this could be avoided via the maxchange instruction.

With a more advanced system using NTP (like ntpd or chrony) with several servers and with limited time step, there isn't much risk that things go wrong.

Yeah, I should have mentioned that this is a (mostly) closed network (a train actually). There will be only one master and one backup time server in the train, which (optionally) synchronize with GPS. All other devices then synchronize with only these two servers. But it cannot be ruled out that an attacker gets access to the network, either from within the train or a maintenance connection.

Thanks and best regards,
Bernd
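
An added example, not part of the thread and not the chrony project's own configuration: a client chrony.conf sketch for the two-server setup described above, with the unauthenticated form next to NTS and symmetric-key authentication. Hostnames, file paths and key IDs are assumptions, and the key value is a placeholder.

```conf
# --- Unauthenticated (the case the thread warns about) ---------------------
# Anyone who can spoof or replace these servers can steer the client clock,
# slowly if not in one step.
# server ntp-master.train.example iburst
# server ntp-backup.train.example iburst

# --- Option A: NTS ----------------------------------------------------------
# Requires NTS-KE and a TLS certificate on both servers.
# NTS checks certificate validity dates, so the client needs a roughly
# correct clock before the first handshake.
server ntp-master.train.example iburst nts
server ntp-backup.train.example iburst nts
# CA of a private PKI for the closed network (path is an assumption)
ntstrustedcerts /etc/chrony/train-ca.pem
# Keep NTS keys and cookies across restarts
ntsdumpdir /var/lib/chrony

# --- Option B: symmetric keys (use instead of Option A) --------------------
# server ntp-master.train.example iburst key 1
# server ntp-backup.train.example iburst key 2
# keyfile /etc/chrony/chrony.keys
#   Each line of the key file is "<id> <type> <key>", for example:
#   1 SHA256 HEX:<PLACEHOLDER_KEY_1>
#   The file must be readable only by root / the chrony user.

# --- Applies to both options ------------------------------------------------
# Never select a source that is not authenticated.
authselectmode require

# Sanity limit, not a substitute for authentication: after the first clock
# update, ignore two adjustments larger than 1000 s and exit on the next one.
maxchange 1000 1 2
```

With `authselectmode require`, an unauthenticated `server` line left in the file by mistake will not be selected for synchronization.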

