OpenNTPD inclusion on Fedora Core
Ian Burrell
ianburrell at gmail.com
Mon Mar 21 23:24:59 UTC 2005
On Mon, 21 Mar 2005 08:40:01 -0500, Paul A. Houle <ph18 at cornell.edu> wrote:
> Well, I've always been a little worried about NTP. The US military runs
> well-publicized and well-used NTP servers, and they wouldn't be doing
> what we pay them to do if they weren't ready to slip somebody a bad packet
> when duty calls.
>
You shouldn't be using the usno.navy.mil NTP servers since they are
overloaded. Redhat provides a time server, clock.redhat.com, which
gets its time from CDMA which gets it from GPS. Most of the public
NTP servers in pool.ntp.org get their time from GPS or CDMA. Some may
even have their own atomic clocks.
Also, any one organization would have a hard time sending time to
change your clock. ntpd has some sophisticated ways to find bad
clocks and ignore them. This is a good reason to stick with ntpd
instead of OpenNTPD. NTP isn't authenticated so there are attacks,
like blocking all other sources and sending bad packets. But that is
much likely to come from hackers, not the Naval Observatory.
If you are concerned about security, buy your own GPS receiver. If
you are really paranoid, buy your own atomic clock.
- Ian
More information about the fedora-devel-list
mailing list