ntp config tech note

Jared Mauch jared at puck.nether.net
Thu May 20 23:12:27 UTC 2004

On Thu, May 20, 2004 at 06:37:23PM -0400, C. Jon Larsen wrote:
> On Thu, 20 May 2004, Jared Mauch wrote:
> > 
> > 
> > 	I've found it useful on older machines (PCs with cheap clocks and
> > oscilators) to cron ntpdate once an hour to prevent the clock from
> > getting too far off by itself.  I've found the daemon doesn't do good enough
> > of a job to sync on it's own...
> Isn't that a lot safer anyway than running a daemon (ntpd) as root ?  I do 
> this on my systems (run ntpdate from cron), even though the xntpd 
> docs IIRC specifically advised against this hack. One less 
> vulnerability waiting to be exploited ... is the way I see it.

	well, it does help if your clock goes nicely (or poorly) askew.
problem is any timestamps you may have on that host (radius, smtp, etc..) 
that you use to track down the (l)users on your network can cause a problem.

	all you have to be concerned with is "am i doing ntpdate from something
that can be poisoned".  that's amongst many reasons to have the "your clock is
too far off, you must reset manually" log messages.

	- jared

Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

More information about the NANOG mailing list