This is exactly why I recommended against implementing a complicated type
of system for remote modem/vendor support.
Which then put's one at for other things other than just the remote modem
for the vendor
/m
At 12:12 PM 10/11/00 -0400, Ng, Kenneth (US) wrote:
>You really don't *NEED* NTP for the Ace server. I myself don't run NTP. I
>do a 'ntpdate -d' to get the time differential, and then run a 'date -a' to
>adjust the time if the difference is less than a few seconds. NTP opens you
>up to time shifting attacks, and a possible system wide denial of service
>attack if it ever fails for a long period of time and the time shifts off
>more than a minute and then all of a sudden NTP fixes the time.
>
>But, on the other hand, having the correct time on the Ace server makes
>investigations easier, and if you want to prosecute someone, is mandatory if
>you want to submit the logs as evidence.
>
>Note: GPS opens you up to a remote attack if someone has equipment to spoof
>the signals. The CA signal format is public knowledge. The real signal is
>already buried in the background noise.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
