Time Delta

Paul-Andrew Joseph Miseiko esoteric at teardrop.ca
Thu Nov 18 16:08:11 EST 2004


If people restricted query packets they would not have gotten rooted.  A 
simple rule of thumb is to disable things you would not use and I see no 
reason why a remote client has to query my NTP version, OS version, CPU 
type, et cetera.... so query packets (also known as control blocks) are 
best left disabled.  Also, if you are uber paranoid, setting up your 
firewall to only accept packets of one size, 76 bytes, will further reduce 
any potential risk of running NTPD.

76 bytes = NTP packet + UDP Header + IP Header

-
Behind every great man is a great woman...and behind every great woman is some guy staring at her butt!

On Thu, 18 Nov 2004, Jonathan R. Lusky wrote:

> Don't let the ntpd weenies hear you suggest cron'ing ntpdate--they get
> pissy about how bad that is :).
>
> For the rest of us who don't give a damn about more than 0.1s accuracy
> on their system clocks, and especially anyone who got rooted by the last
> big ntpd vuln, ntpdate cronjob works fine.  One caveat though--you probably
> need to do it more than just once a day.  I usually do every 30 minutes.
> When you run ntpdate, you'll see that it says "adjust" or "step".  The only
> time you should see "step" is the first time you run ntpdate after
> booting, or if the NTP servers have been unreachable for an extended period
> of time.  If you're seeing it regularly, it means your interval between updates
> is too large.
>
>
> Paul-Andrew Joseph Miseiko writes:
>> Yes getting NTP working is the best solution.
>>
>> You can run ntpdate (example: ntpdate teardrop.ca) inside a crontab as root
>> once a day or for optimal time synchronization run ntpd.
>>
>> To run ntpd, first set up the /etc/ntp.conf file by placing a few lines in it
>> as so:
>>
>> server 216.58.80.246
>> restrict 216.58.80.246 noquery nomodify notrap nopeer
>> restrict 127.0.0.1 noserve nomodify notrap nopeer
>> restrict default ignore
>>
>> This will synchronize to my server using the default poll values and will
>> allow the localhost the ability to view NTP statistics with programs such as
>> ntpq and ntpdc.  (To see offset statistics try "ntptime", or "ntpq -p", or
>> "ntpdc -c sysinfo".)
>>
>> -----Original Message-----
>> From: hybrid-bounces at lists.ircd-hybrid.org
>> [mailto:hybrid-bounces at lists.ircd-hybrid.org] On Behalf Of Peter Evans
>> Sent: November 14, 2004 11:06 PM
>> To: General IRCD-Hybrid Discussion
>> Subject: Re: Time Delta
>>
>> simos (simos at simosnap.com) wrote:
>>> I've this problem when I try to link a server on a shell account without
>>> root access to synch time
>>
>> 	Get someone to fix the time for you. That's almost 7 hours out.
>>
>> 	Since 194.150.123.41 is learn.unix-tips.com. One would think they
>> 	could at least get ntp working. ^^;
>>
>>> -irc.*****.com- *** Notice -- Link
>>> gaia.*****.com[unknown at 194.150.123.41] dropped, excessive TS delta (my
>>> TS=1100488773, their TS=1100513524, delta=24751)
>>
>> --
>>
>
> -- 
> Jonathan R. Lusky                             lusky at blown.net
> http://www.blown.net/
> -------------------------------   --------------------------------------
> 68 Camaro Convt - 350 / TH350  \_/ 2000 Mustang GT Convt - 4.6SOHC / T45
>
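
Added example, not part of the original thread: a small Python audit of the `restrict` lines in an ntp.conf that reports every non-loopback entry still allowed to send query packets, which is the setting the message above says to disable. The sample file is the configuration quoted in the thread plus one constructed weak entry (192.0.2.10) for contrast; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the ntp.conf from the thread plus one weak line for contrast.
SAMPLE_CONF = """\
server 216.58.80.246
restrict 216.58.80.246 noquery nomodify notrap nopeer
restrict 127.0.0.1 noserve nomodify notrap nopeer
restrict 192.0.2.10 nomodify notrap   # constructed weak entry: no noquery
restrict default ignore
"""

def parse_restricts(text):
    """Return [(address, mask_or_None, set_of_flags)] for every restrict line."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        tokens = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not tokens:
            continue
        addr, rest, mask = tokens[0], tokens[1:], None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        rules.append((addr, mask, set(rest)))
    return rules

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "default", "source", or a hostname
        return False

def audit(text):
    """List non-loopback entries that still answer ntpq/ntpdc query packets."""
    findings = []
    rules = parse_restricts(text)
    if not any(addr == "default" for addr, _, _ in rules):
        findings.append("no 'restrict default' line: unlisted hosts are not restricted by this file")
    for addr, _, flags in rules:
        if is_loopback(addr):
            continue  # local ntpq/ntpdc statistics are intended
        if not flags & {"ignore", "noquery"}:
            findings.append(f"{addr}: query packets allowed (add noquery or ignore)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
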


