Miroslav Lichvar <mlich...@redhat.com> wrote:
> On Thu, Mar 24, 2011 at 05:01:07PM -0700, Chris Albertson wrote:
>> Security is so that you know you are not being spoofed. Or if you are
>> providing the time so that you can prove to your users that you are
>> who you claim to be and are not spoofing them.
>>
>> There is the chance that someone might "impersonate" one of your
>> servers or a server you use, and then make a computer's clock be set
>> to the wrong time. Again "who cares" if you only use your computer
>> to surf the web and read emails but what if you were a bank processing
>> ATM or Visa card transactions or worse a computer routing trains or
>> airplanes or controlling stop lights.
>
> There is one important thing I haven't seen mentioned here. A MITM
> doesn't need to modify the NTP packets to seriously degrade your
> timekeeping. He can exploit the PLL instability when undersampled and
> by dropping and delaying the packets (up to maxdist, 1.5s by default)
> he can fairly quickly throw your clock off and let you drift away.
>
> In addition to the authentication, it's important to monitor
> reachability of the peers.

One more time, if time is critical to your operation you have several
sources to include local GPS and CDMA NTP boxes.

-- 
Jim Pennino

Remove .spam.sux to reply.
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
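
The peer reachability monitoring recommended in the quoted message can be done by decoding the `reach` column of `ntpq -pn`, an octal 8-bit shift register recording the last eight polls. The following is an added example, not part of the original thread; the sample output is constructed and the thresholds `min_ok` and `max_missed` are assumptions.

```python
# Added example: flag NTP peers whose recent polls are being lost.
# SAMPLE is constructed `ntpq -pn` output, not captured from a real host.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377    0.412    0.021   0.015
+192.0.2.11      192.0.2.10       2 u   12   64  376   11.230   -0.310   0.422
-192.0.2.12      192.0.2.10       2 u  51m 1024   17   48.900    4.870   9.105
 192.0.2.13      .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


def assess(text, min_ok=6, max_missed=1):
    """Map each peer to (status, polls_ok_of_last_8, consecutive_recent_misses).

    min_ok and max_missed are assumed thresholds; tune them per site.
    """
    result = {}
    for line in text.splitlines():
        fields = line[1:].split()          # column 0 is the tally code
        if len(fields) != 10 or fields[0] == "remote":
            continue                       # header, separator, or unknown row
        reach = int(fields[6], 8) & 0xFF   # octal shift register, bit 0 = newest poll
        ok = bin(reach).count("1")
        missed = 0
        while missed < 8 and not (reach >> missed) & 1:
            missed += 1
        if reach == 0:
            status = "unreachable"
        elif ok < min_ok or missed > max_missed:
            status = "degraded"            # also seen briefly after a restart
        else:
            status = "ok"
        result[fields[0]] = (status, ok, missed)
    return result


if __name__ == "__main__":
    for peer, (status, ok, missed) in assess(SAMPLE).items():
        print(f"{peer:15} {status:11} ok={ok}/8 recent_misses={missed}")
```

Run it against real `ntpq -pn` output from a monitoring agent and alert when several peers leave the `ok` state at once, since loss across all upstream peers points at the network path rather than a single server.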