>On Fri, 4 Apr 1997, Arley Carter wrote:
>
>> On Fri, 4 Apr 1997 DSAWYER @ PILLSBURY . COM wrote:
>>
>> > In a nutshell what I need to know is how do I get udp based packets on
>> > port 123 through the firewall?
>> >
>> > Anybody have any ideas?
>>
>> Bad Idea. Set up the firewall to be the authoritative time source for the
>> domain using xntpd to the outside world. Set the firewall to broadcast time
>> to the networks you want. Have the inside machines listen to time
>> broadcasts from the firewall. No need to pass udp through the firewall.
>
>Agreed. If you're super-paranoid, then you can shell out the US$200 for a
>GPS receiver and make yourself into a stratum-1 server. (If you do this,
>you should do it outside the firewall, offer stratum-1 services to others,
>and make your firewall a stratum-2 server, using ntp's builtin
>cryptographic authentication.)
>
>And to whoever said that you shouldn't use time-based cryptography, there
>are well-respected cryptosystems which rely on accurate time info on both
>client and server to eliminate replay attacks and other time-based hacks.
>To dismiss them merely because they require accurate time info is silly.
>
>__
>Todd Graham Lewis MindSpring Enterprises tlewis @ mindspring . com
>
>
Does anyone have a reference for where to get this US$200 GPS NTP server?
The Ads I've seen are for 10 times that amount.
Bill
Please remember to always flame via private eMail - the rest of the group
is just not interested.