Chris Albertson <albertson.ch...@gmail.com> wrote:
> On Thu, Mar 24, 2011 at 4:18 PM, <j...@specsol.spam.sux.com> wrote:
>> Hal Murray <hal-use...@ip-64-139-1-69.sjc.megapath.net> wrote:
>>> In article <ghps58-1a....@mail.specsol.com>,
>>> j...@specsol.spam.sux.com writes:
>>>
>>>>When I see questions like this my first response is "Why all the bother?".
>>>>
>>>>There is nothing secret or proprietary about the time of day.
>>>>
>>>>Since all NTP servers provide UTC, the service reveals nothing about the
>>>>machine other than the fact that the clock is correct.
>>>>
>>>>If you don't want your resources utilized by outsiders, you just block
>>>>access to the NTP port for everyone but your own clients as a blocked
>>>>port uses less resources than denying an unsuccessful authorization does.
>>>>
>>>>Am I missing something??
>>>
>>> Yes. The encryption also verifies that you are talking to the
>>> server you think you are talking to rather than an imposter.
>>
>> If you specify the server by IP address, how does that happen and who
>> would bother to do it?
>
> The most obvious and easy way is that I cut the wire that goes from
> your house to your ISP and place a computer (and modems) at the cut
> point. It can change any bit in any packet. I would not bother with
> your house but a bank, maybe.

Childish fantasy that shows zero understanding of how such things work.

> If I could make transactions that were backdated I could make a lot of
> money even if only slightly back dated by 10 seconds.

Yeah, if you could do that, but you can't.

>> IP hijacking will disrupt a lot more than just NTP.
>
> It can but, that is up to the hijacker. A "man in the middle"
> attack can filter network packets and change only the bits he wants
> changed

Yeah, right, like the time in NTP packets.

>> If your server and its clients are on a corporate network, which is the
>> usual case for having one's own server, how does this happen?
>
> Outsider has taken control of a computer that lives inside your network

If that happens you have a lot more to worry about than the time on some
client machines, like your total lack of competence.

> In general your arguments follow a common mistake. It is equivalent
> to "I can't figure it out so therefore it can't happen". It is never
> valid to argue "it's impossible because I can't figure any way to....".
> To claim something is impossible you need something that is very
> much like a mathematical proof.

I never claimed it is "impossible" to disrupt an NTP server.

My argument is that if the correct time is important it is trivial to
ensure that with a proper setup and without jumping through hoops.

--
Jim Pennino

Remove .spam.sux to reply.
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions