[Info-vax] NTP vulnerabilities

Bill Gunshannon bill at server3.cs.scranton.edu
Mon Jan 5 09:25:06 EST 2015 

In article <m7e5hd$c2i$1 at news.albasani.net>,
	Jan-Erik Soderholm <jan-erik.soderholm at telia.com> writes:
> Dirk Munk skrev den 2014-12-24 01:53:
>> Jan-Erik Soderholm wrote:
>>> Stephen Hoffman skrev den 2014-12-21 14:40:
>>>> On 2014-12-21 13:07:18 +0000, Scott Dorsey said:
>>>>
>>>>> In a typical install, NTP is operating as both a client and a server and
>>>>> everybody is sharing clock information with everyone else.  That is what
>>>>> makes it more accurate than any of the individual clocks that make up
>>>>> the
>>>>> NTP network.
>>>>
>>>> Some of the folks are using NTPDATE at boot and then a "free running"
>>>> clock, though.
>>>>
>>>> Which means no NTP server.   Sometimes also wacky time jumps, too.
>>>>
>>>> If the ISP routing error is allowing access to the web server, see
>>>> <http://labs.hoffmanlabs.com/node/1280>
>>>>
>>>>
>>>
>>> We run NTPDATE once an hour against the main NTP server.
>>
>> Why on earth do you do that?
> 
> Becuse it is "good enough" for the actual environment.
> 
> And it is way better then before when the system could
> be +/- 5 min off before it was manualy corrected.
> 
>> I've seen others do the same thing, they write
>> their own batch/crontab procedures...
> 
> It is not much to "write". One single submit command line
> in the CRONTAB.DAT file (that is already there anyway) and
> a short COM file:
> 
> $ type util:[ntp]sync.com
> $! Sync system clock with ntp server
> $!
> $ @sys$manager:tcpip$define_commands
> $!
> $ ntpdate <ntp server>
> $!
> $ exit
> 
> 
> 
>> to do what NTP can do by itself, and
>> much better.
> 
> Better then "good enough" is not needed.
> 
> I checked right now (40 min past last run) and the clock
> was off with 0.015359 sec. Certenly "good enough".
> 
> So say that the clock is off with at most aprox 0.02 sec.
> 
> "Good enough".
 
And yet, the comon mantra here is that "good enough" isn't "good enough"
and that is why everyone should be using VMS.  Go figure.

bill
 

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>

More information about the Info-vax mailing list