On Fri, 27 Oct 2006, Maarten Wiltink wrote:

> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
>> I should have said, I am using an HTTP utility on the server to
>> synchronise with the Internet given that NTP is blocked.
>
> Talk about shooting yourself in the foot. Getting your time
> from HTTP responses is _vastly_ inferior to NTP.
>
> I'm also not quite sure what good they think they're doing. I'd
> say that HTTP is the more dangerous of the two.

Maybe the people who set the policy did a risk-benefit analysis where
"benefit of HTTP" was thought to be BIGNUM*"benefit of NTP" while
"risk of HTTP" was only several times "risk of NTP".

> If they're worried about punching holes in their firewall, they
> could limit it to (NTP) traffic to and from an ISP NTP server.
> Presumably they trust their ISP for that, given that they trust
> everybody and his dog HTTP-wise.

Where I work, we do have holes in firewalls limited to particular
machines and external IPs, but they are high maintenance -- the
holes tend to close whenever the configuration is tweaked, external
sites reconfigure, etc.

c.t.p.ntp gets many requests from people looking for tools to deal
with situations that are outside ntp's mandate:

1. cheap and easy ntp service for an isolated network

2. quickly sync a machine that runs intermittently or has
   intermittent/sporadic network connection but performs a
   time-critical task such as pointing a high-gain antenna at a
   satellite in a low orbit

It should be noted that it is often cheaper and easier to stick with
bog standard configurations even if the result is overkill. Many
people assume a GPS time source will be hard/expensive.

-- 
George N. White III <[EMAIL PROTECTED]>

_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
