I can see how this would be done if you were using something like cron,
ipchains and ntpdate to query the server - something like "cron, include
ipchain ACCEPT rule, ntpdate, sleep for a few seconds, delete ipchain
rule", but what if you want to do the auto synch thing with your server as
a strata server?  In this case the synch timing is handled by the ntpd
daemon itself, or perhaps the ntpd daemon shouldn't be used like this.

-- 
Howard.
____________________________________________________
LANNet Computing Associates <http://lannetlinux.com>
"...well, it worked before _you_ touched it!"   --me
"I trust just one person,
 and there are times when I don't even trust myself"
                                                --me

On Wed, 28 Feb 2001, Crossfire wrote:

> Howard Lowndes was once rumoured to have said:
> > Can you do stateful inspections on ntp though?  It runs on udp.  Is this
> > possible?  You can define what servers you will accept ntp from, but
> > surely the source IP could be easily spoofed anyway.  I don't know how you
> > would go trying to do an auth transfer from, say, CSIRO.
>
> Yes.  NTP is a very simple protocol.
>
> You open the return path once you send the NTP "request" packet, and
> close it within a reasonable timeframe.  If you're getting a large
> number of reply packets any other time, you just block, and don't
> open.
>
> Also, use the fact that ntpd permits multiple servers.
>
> C.
>


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
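
A model of the filter logic described in the quoted reply, as an added example that is not part of the original thread: the return path opens when a request leaves, closes after one reply or a timeout, and anything else is counted and dropped. The class name, the 5-second window, the 192.0.2.x documentation addresses and the check that a reply echoes the request's transmit timestamp in its origin field (standard NTP client behaviour, not something the thread mentions) are assumptions of the example.

```python
from dataclasses import dataclass, field

NTP_PORT = 123

@dataclass
class NtpReturnPath:
    servers: set                  # servers we are willing to query
    window: float = 5.0           # seconds the return path stays open (assumed)
    pending: dict = field(default_factory=dict)  # (server, client port) -> (expiry, xmt)
    unsolicited: int = 0          # replies that matched no open request

    def outbound(self, now, server, client_port, transmit_ts):
        """A request left for `server`: open the return path for `window` seconds."""
        if server not in self.servers:
            return False
        self.pending[(server, client_port)] = (now + self.window, transmit_ts)
        return True

    def inbound(self, now, src_ip, src_port, dst_port, origin_ts):
        """Verdict for a UDP packet arriving from outside."""
        key = (src_ip, dst_port)
        entry = self.pending.get(key)
        if entry and now > entry[0]:          # window expired: close the path
            del self.pending[key]
            entry = None
        # A spoofed source address alone is not enough: the reply must also echo
        # the transmit timestamp of the request that opened the path.
        if src_port != NTP_PORT or entry is None or origin_ts != entry[1]:
            self.unsolicited += 1
            return "DROP"
        del self.pending[key]                 # one reply per request
        return "ACCEPT"

def demo():
    """Replay constructed traffic (documentation addresses) through the filter."""
    fw = NtpReturnPath({"192.0.2.10", "192.0.2.11"})
    fw.outbound(0.0, "192.0.2.10", 40001, transmit_ts=1111)
    verdicts = [
        fw.inbound(1.0, "192.0.2.10", 123, 40001, origin_ts=9999),  # forged, wrong echo
        fw.inbound(1.2, "192.0.2.10", 123, 40001, origin_ts=1111),  # genuine reply
        fw.inbound(1.3, "192.0.2.10", 123, 40001, origin_ts=1111),  # duplicate, path closed
    ]
    fw.outbound(10.0, "192.0.2.11", 40002, transmit_ts=2222)
    verdicts.append(fw.inbound(16.0, "192.0.2.11", 123, 40002, origin_ts=2222))  # too late
    return verdicts, fw.unsolicited

if __name__ == "__main__":
    print(demo())
```

The forged packet is dropped without closing the path, so the genuine reply that follows is still accepted; a rising `unsolicited` count is the signal to keep the path shut.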
