[ntp:questions] Symmetric Key samples
Hi, I've defined the following symmetric keys in my NTP client and serve but they didn't work. I defined them based on my understanding of the ntp key man page which doesn't have sample keys. 1 A passA1 2 N 0xC7D3C7D3C7D3C7D3 3 S 0xD7DAD7DAD7DAD7DA 4 S 0xd5b5cdd9dcfec1f1 NTP Associations Status: ind assid status conf reach auth condition last_event cnt === 1 21670 963a yes yes none sys.peersys_peer 3 2 21671 c02c yes*no bad * reject 2 I'd appreciate it if some one can post sample of A,M,N and S keys Thanks Joe ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Ginormous offset and slow convergance
On Thu, Dec 01, 2011 at 12:24:44AM +, Pete Ashdown wrote: > Miroslav Lichvar writes: > > >Would be interesting to know if this happens on every ntpd restart or > >only shortly after the GPS unit was powered up. > > Every restart (that doesn't have 127.127.0.1 in the config). That would suggest a problem rather on the ntpd side. I wasn't able to analyze the oncore debug messages in your other post, but maybe you could try to switch the unit to NMEA mode and use the NMEA driver or try it with gpsd and SHM driver and see if that makes a difference. -- Miroslav Lichvar ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Symmetric Key samples
On Fri, Dec 2, 2011 at 14:39, Joe Smithian wrote: > Hi, > > I've defined the following symmetric keys in my NTP client and serve but > they didn't work. I defined them based on my understanding of the ntp key > man page which doesn't have sample keys. Which version of ntpd are you using? ntpq -c "rv 0 version" will tell you. > 1 A passA1 > 2 N 0xC7D3C7D3C7D3C7D3 > 3 S 0xD7DAD7DAD7DAD7DA > 4 S 0xd5b5cdd9dcfec1f1 The type column M (for MD5) is the most broadly supported. With 4.2.6 and later, a number of other digest algorithms are supported. See http://www.eecis.udel.edu/~mills/ntp/html/authentic.html for an example suitable for 4.2.6 and later. Cheers, Dave Hart ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Denial of Service attack 29 November 2011
j...@specsol.spam.sux.com wrote: > Rob wrote: >> Rich wrote: >>> Someone is "at war" with USNO NTP service. >>> They could be students, who knows? >>> But all of the offending addresses traced to Chinese sites. >>> In order to continue to provide NTP to US customers, >>> USNO elected to block Chinese networks at the /8 level >>> whenever we were able to trace the attacks to those networks. >>> Note that there are 2,605 known Chinese CIDR blocks. >>> It takes some time to implement that block list, >>> and it requires considerable horsepower. >>> When it comes to making a choice between staying online >>> and denying USNO NTP to China, we must unfortunately >>> make the more secure choice. >> >> Yeah, sure. >> But where you went over the line is when you recommended >> others to do the same. Your local solutions to your >> particular problems are not to be recommended to be used >> by the rest of the world. Rob gets to decide what others recommend, and / or what others do based on those recommendations? > I highly disagree. > > Anyone can recommend anything they want. > > It is up to the individual to evaluate the recommendation > and decide if the recommendation makes any sense for that > individual's particular situation. Anyone Sane. Anyone who wants their career in IT to continue. -- E-Mail Sent to this address will be added to the BlackLists. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
