Great Circle Associates Firewalls
(July 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: need suggestion xntpd a security hole ???
From: Dave Wreski <dave @ nic . com>
Date: Sat, 5 Jul 1997 13:24:29 -0400 (EDT)
To: Douglas McNaught <doug @ ono . tc . net>
Cc: Bret Watson <Bret . Watson @ bwa . net>, firewalls @ GreatCircle . COM
In-reply-to: <m2k9j5qyhm . fsf @ ono . tc . net> 
> > I would also like to bring ntp into my network, on the only line providing
> > Internet access to a small company I'm working with.

> NTP is a UDP-based service, so you can't plug-gw it.  The usual
> procedure is to run an NTP daemon on the bastion host, and sync it to
> as many low-stratum servers as possible.  Have the internal clients
> sync either directly to the bastion host or to internal higher-stratum
> servers.

How is it more secure to run an ntp daemon on the bastion host, and serve
the internal network from there, rather than from the stratum's on the
Internet?

I suppose I could only allow that port from bastion host to internal
network...

Thanks again,
Dave
Follow-Ups:
References:
Indexed By Date Previous: Re: need suggestion xntpd a security hole ???
From: Douglas McNaught <doug @ ono . tc . net>
Next: Re: Microsoft plans to offer a firewall
From: Bill Stout <stoutb @ pios . com>
Indexed By Thread Previous: Re: need suggestion xntpd a security hole ???
From: Douglas McNaught <doug @ ono . tc . net>
Next: Re: need suggestion xntpd a security hole ???
From: Claudio Telmon <claudio @ DI . Unipi . IT>
Google
 
Search Internet Search www.greatcircle.com