Re: [SECURITY] [DSA 3388-1] ntp security update

2015-11-01 Thread Jan Demey
Hello, I have left the hospital. Private e-mails can from now on be sent to jan janyan.be Kind regards, Jan

RE: [SECURITY] [DSA 3108-1] ntp security update

2014-12-22 Thread Oussama BOUNAIM
Hello, I am updating our NTP servers. Regards, -Original Message- From: Florian Weimer [mailto:f...@deneb.enyo.de] Sent: Saturday, 20 December 2014 21:37 To: debian-security-annou...@lists.debian.org Subject: [SECURITY] [DSA 3108-1] ntp security update Importance:

Re: NTP security

2001-03-12 Thread Jamie Heilman
On one of my multihomed machines together with authentication I tend to use something like: restrict default ignore restrict ntpserver1 nomodify restrict ntpserver2 nomodify restrict ntpserver3 nomodify restrict network1 mask netmask1 notrust nomodify restrict network2 mask netmask2 notrust nomodi

Re: NTP security

2001-03-12 Thread Kevin van Haaren
At 10:32 -0600 3/10/2001, Piotr Tarnowski wrote: >Hi, > >I've installed NTP daemon on my firewall (with sync to >external machine) and >on all internal machines (with sync to my firewall). > >I found that this had opened port 123/udp on my firewall, >so now everybody >from the net can use my machi

Re: NTP security

2001-03-12 Thread Peter Cordes
On Sat, Mar 10, 2001 at 11:28:50PM -0600, Bryan Andersen wrote: > Jamie Heilman wrote: > > > I noticed that /etc/services has a tcp entry for ntp. Is there any way > > > (short of changing the code) to coax ntp to use tcp instead of udp ? > > > > No, UDP is intrinsic to how NTP works. > > Actuall

RE: NTP security

2001-03-12 Thread Alex Swavely
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 10, 2001 9:29 PM > Subject: Re: NTP security > [...] > See Ultra-Link, http://www.ulio.com/ for a low cost battery powerable > atomic clock radio receiver. It has a 3

Re: NTP security

2001-03-10 Thread Jamie Heilman
> See Ultra-Link, http://www.ulio.com/ for a low cost battery powerable > atomic clock radio receiver. It has a 3V inverted TTL RS-232 link > that runs at 2400 or 9600 baud. Power draw is +3.5V to 15V at 600uA. That's pretty snazzy. > Actually it isn't. A bi-directional link is usually need

Re: NTP security

2001-03-10 Thread Bryan Andersen
Jamie Heilman wrote: > > > So what is the most secure way of syncing time on a server ? > > Coupling your server directly to an atomic clock, or some other source of > "hard" time, yields no network reliance at all, and is the most secure way. > Using bug free software is the most secure way to s

Re: NTP security

2001-03-10 Thread Jamie Heilman
> So what is the most secure way of syncing time on a server ? Coupling your server directly to an atomic clock, or some other source of "hard" time, yields no network reliance at all, and is the most secure way. Using bug free software is the most secure way to synchronize over a network. ntpd co

Re: NTP security

2001-03-10 Thread Jamie Heilman
Rishi L Khan wrote: > Maybe use tcp wrappers? That's how I'd do it. Nope, ntpd doesn't link against libwrap and can't be run out of inetd. -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for y

Re: NTP security

2001-03-10 Thread Rishi L Khan
Maybe use tcp wrappers? That's how I'd do it. -rishi On Sat, 10 Mar 2001, Jamie Heilman wrote: > Piotr Tarnowski wrote: > > > If not can I limit allowed clients somehow ? (I noticed that DENY on > > ipchains to others than my reference external server limits ntptrace > > usage).

Re: NTP security

2001-03-10 Thread Jamie Heilman
Piotr Tarnowski wrote: > If not can I limit allowed clients somehow ? (I noticed that DENY on > ipchains to others than my reference external server limits ntptrace > usage). To the best of my knowledge you can't natively (in the application) control access at the transport level, which is unfort

NTP security

2001-03-10 Thread Piotr Tarnowski
Hi, I've installed NTP daemon on my firewall (with sync to external machine) and on all internal machines (with sync to my firewall). I found that this had opened port 123/udp on my firewall, so now everybody from the net can use my machine as a server. I have nothing against this as long as
