Richard Threadgill wrote :
>
> [snip]
>
> This is the strongest reason to not run ntp on your firewall router.
> Why do you consider the incoming ntp stream trustworthy? (Not to cast
> doubt upon the NTP project, but there are *lots* of interesting attacks
> on authentication systems which depend on perverting their clock). I would
> strongly recommend that if you are planning on using clock-based
> authentication schemes (eg, kerberos), you make sure that the clock is
> fundamentally internal. An atomic or radio clock on your premises is fairly
> unlikely to be compromised; an external ntp clock is not so blessed.
>
What bothers me most is that (according to the docs - I didn't try it) NTP
is *enabled* by default.
--
Michel Lavondes |It's is not, it isn't ain't, and it's it's, not its,
lavondes @ tidtest . total . fr |if you mean it is. If you don't, it's its. Then too,
Phone : +33-1-4135-4198 |it's hers. It isn't her's. It isn't our's, either.
#include <disclaimer.h> |It's ours, and likewise yours and theirs.