I use ntp already. I am about to switch icmp timestamps off (security people are afraid of that setting), just curious what was the purpose of it.
2013/10/10 Theo de Raadt <dera...@cvs.openbsd.org>: >> > it turned out that OpenBSD allows icmp timestamping by default: >> > >> > net.inet.icmp.tstamprepl=1 >> > >> > what was that done for ? >> >> well, why not? >> >> if you have some program vulnerable to a "the attacker knows the time" >> attack, i don't think turning off icmp timestamps will save you. the >> attacker could reasonably guess that your system time is going to be >> close to his system time. unless you are going to deliberately set the >> clock wrong on all your systems. fixing the vulnerability seems like a >> better idea. > > there is also this thing called ntp that is becoming rather common. > if you're not doing time distribution to your systems, ah, i see the > problem.
