[AusNOG] NTP and tunnel - thanks
Peter Lawler
ausnog at bleeter.id.au
Wed Jan 8 15:38:59 EST 2014
On 08/01/14 15:11, Paul Gear wrote:
> On 01/08/2014 07:57 AM, Geordie Guy wrote:
>> Thanks for the tips and ideas onlist and off, we're temporarily
>> disabling the aggressive NTP checks until we can agree on a server
>> both peers can use and we'll see how it goes.
>
> Which server you use shouldn't make any difference. NTP is designed to
> get close to the one true time, even in the face of inaccurate peers.
> The important thing is that all endpoints have between 3 and 6 peers
> configured so that they can determine what the one true time is.
>
And, I'd suggest, have monlist enabled
https://isc.sans.edu/diary/NTP%20reflection%20attack/17300
(I am not a Juniper bod, I'll leave it up to another Nogger to verify
the comment on that page about that kit if they feel the need)
P.
More information about the AusNOG
mailing list