Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [TEKNIK] ntp and security



On Tue, 01 Feb 2005 13:47:37 +0100, Troels Arvin wrote:

> On Tue, 01 Feb 2005 11:37:22 +0000, Keld Jørn Simonsen wrote:
> 
>> Is it correct that NTP only runs over UDP
> 
> I will not 100% rule out that the NTP protocol also uses TCP in special
> cases (like DNS, where one normally uses UDP, but also TCP in certain
> contexts). My NTP daemons listen exclusively on UDP.
> 
>> so one can close TCP port 123?
> 
> Yes, except that it is pointless, since presumably nothing is
> listening there. And if something should be listening after all, it would
> presumably be some clever feature in your NTP software; in that case you
> should take the time to read more about the NTP protocol before you
> block. In case it should be some "evil" software that is listening, then
> the evil software has had root privileges, and then your system is not
> very trustworthy any longer anyway.

Well, I have closed TCP port 123 in my setup and it seems to run
fine.

> In principle the NTP daemon could probably work by only listening on
> the port once in a while, but in practice, as far as I can see, it would
> not have much of a security effect.

No, it is probably better to open for explicit IP addresses, as you
suggested. The problem is just that in some places I use an NTP pool,
and then it is hard to know which IP address is in use.

Regards
keld
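
The two options discussed in this thread (explicit server addresses versus a pool whose addresses are not known in advance), sketched as an nftables ruleset; this is an added example, not part of the original message or of any poster's configuration. It assumes a client-only host that runs no NTP service for others, and the table name, set name and addresses (RFC 5737 documentation range) are constructed for illustration; other services on the host need their own rules.

```nftables
#!/usr/sbin/nft -f
# Added example: NTP client firewalling with connection tracking.
# Table/set names and addresses are constructed, not taken from the thread.

table inet ntp_client {
    # Variant A: hosts that use fixed, known NTP servers.
    set ntp_servers {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # Replies to queries this host sent itself. This matches the
        # answer from whichever pool address DNS handed out, so no
        # inbound rule per server address is needed.
        ct state established,related accept
        # No rule for TCP or UDP port 123: unsolicited traffic to the
        # NTP port falls through to the drop policy.
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept

        # Name resolution, needed to look up a pool hostname.
        udp dport 53 accept
        tcp dport 53 accept

        # Variant A: queries only to the explicit servers.
        ip daddr @ntp_servers udp dport 123 accept

        # Variant B (pool): use this rule instead of the one above.
        # The destination is open, but only outbound, and only replies
        # to these queries are accepted by the input chain.
        # udp dport 123 accept
    }
}
```

With variant B the exposure is limited to replies from servers the host chose to query, which is the trade-off for not knowing the pool addresses ahead of time.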


 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:27 CEST
This page is maintained by MHonArc