[AusNOG] NTP and tunnel - thanks

Peter Lawler ausnog at bleeter.id.au
Wed Jan 8 15:40:13 EST 2014


On 08/01/14 15:38, Peter Lawler wrote:
> On 08/01/14 15:11, Paul Gear wrote:
>> On 01/08/2014 07:57 AM, Geordie Guy wrote:
>>> Thanks for the tips and ideas onlist and off, we're temporarily
>>> disabling the aggressive NTP checks until we can agree on a server
>>> both peers can use and we'll see how it goes.
>>
>> Which server you use shouldn't make any difference.  NTP is designed to
>> get close to the one true time, even in the face of inaccurate peers.
>> The important thing is that all endpoints have between 3 and 6 peers
>> configured so that they can determine what the one true time is.
>>
>
> And, I'd suggest, have monlist enabled

GAH, edit fail.


*avoid machines that have monlist enabled*

>
> https://isc.sans.edu/diary/NTP%20reflection%20attack/17300
>
> (I am not a Juniper bod, I'll leave it up to another Nogger to verify
> the comment on that page about that kit if they feel the need)
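
Added example, not part of the original post or thread: a small lint for a classic ntpd `ntp.conf` that checks the two points raised above, the 3 to 6 configured time sources and whether `monlist` would be answered for remote hosts. The function name, sample configs and hostnames are constructed for illustration, and only `server`/`peer` lines are counted as sources.

```python
# Constructed sample configs for illustration (hostnames are placeholders).
WEAK_CONF = """\
server ntp1.example.net iburst
server ntp2.example.net iburst
restrict default kod nomodify notrap nopeer limited
disable monitor
"""
HARDENED_CONF = """\
server ntp1.example.net iburst
server ntp2.example.net iburst
server ntp3.example.net iburst
server ntp4.example.net iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor
"""

def audit_ntp_conf(text):
    """Return {finding_code: message} for an ntp.conf body (hypothetical helper)."""
    sources, monitor_disabled, limited = 0, False, False
    default_flags = []  # one flag set per "restrict default" line
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments
        if not tok:
            continue
        kw, rest = tok[0].lower(), [t.lower() for t in tok[1:]]
        if kw in ("server", "peer"):
            sources += 1
        elif kw in ("disable", "enable") and "monitor" in rest:
            monitor_disabled = (kw == "disable")
        elif kw == "restrict":
            args = [t for t in rest if t not in ("-4", "-6")]
            limited = limited or "limited" in args
            if args and args[0] == "default":
                default_flags.append(set(args[1:]))
    findings = {}
    if not 3 <= sources <= 6:
        findings["sources"] = f"{sources} time sources; thread advises 3 to 6"
    # ntpd keeps the monitor (MRU) list alive whenever any restrict line
    # carries "limited", so "disable monitor" alone is not sufficient then.
    monitoring_on = limited or not monitor_disabled
    # monlist is an ntpdc query: "noquery" (or "ignore") on every default
    # restrict line blocks it for remote hosts.
    query_open = not default_flags or any(
        not (f & {"noquery", "ignore"}) for f in default_flags)
    if monitoring_on and query_open:
        findings["monlist"] = "monlist answerable by remote hosts"
    return findings
```

`WEAK_CONF` is flagged on both counts even though it contains `disable monitor`, because its `limited` flag keeps monitoring active and no `noquery` is set.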



