[ale] time servers
Transam
transam at verysecurelinux.com
Fri Oct 25 18:59:02 EDT 2002
> This has been covered here before, but I'm finding that the old standbys
> don't work. Today I ran:
> /usr/sbin/netdate -v bitsy.mit.edu
> and I got a failure again and again. So, I tried another dozen or so
> servers I found on the Internet and they all failed too. Does anybody
> have a good server that is working now?
Try:
netdate tcp radar.gatech.edu radar.gatech.edu ; /sbin/clock -u -w
Notes:
1. It is critical to specify "tcp" to use the TCP protocol rather than
UDP. Besides avoiding the UDP vulnerability to spoofing, this will
avoid a common time server bug in that they sometimes will return
a bogus time decades into the future occasionally under UDP but not
TCP. I've seen this problem on NIST's time servers and MIT's but
not Tech's. :|)
2. Invoke clock (sometimes called hwclock) to save the time to CMOS.
3. To reduce random network latency, it's best to use nearby time servers.
Thus, avoid those in Europe and Cali (for those folks in the Eastern US).
4. To reduce load on time servers, have one of your systems be your
organization's time standard and have all other internal systems query
it.
Bob Toxen
transam at verysecurelinux.com [Bob's ALE Bulk email]
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com/
[My book:"Real World Linux Security, 2nd Ed.", published 10/24/2002]
Fly-By-Day Consulting, Inc. "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
GPG Public key available at http://www.verysecurelinux.com/pubkey.txt
and on the CD-ROM that comes sealed and attached to Real World Linux Security
pub 1024D/E3A1C540 2000-06-21 Bob Toxen <book at verysecurelinux.com>
Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
sub 2048g/03FFCCB9 2000-06-21
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
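Added example, not part of the original post and not netdate's own code: a minimal RFC 868 time client (the TCP port 37 service that netdate queries) that reads the 4-byte reply over TCP and refuses a reply that is far from the local clock, such as the "decades into the future" value described in note 1. The one-hour step limit, the 5-second agreement window and the requirement for two agreeing replies are assumptions chosen for illustration, and the sample replies are constructed.

```python
import socket
import struct

RFC868_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01 (RFC 868 epoch)
MAX_STEP = 3600             # assumed policy: never step the clock by more than 1 hour
MAX_SPREAD = 5              # assumed policy: accepted replies must agree within 5 s


def decode_rfc868(payload):
    """Convert a 4-byte RFC 868 reply (big-endian seconds since 1900) to Unix time."""
    if len(payload) != 4:
        raise ValueError("RFC 868 reply must be exactly 4 bytes, got %d" % len(payload))
    return struct.unpack("!I", payload)[0] - RFC868_OFFSET


def fetch_tcp_time(host, port=37, timeout=5.0):
    """Query one server over TCP; it sends 4 bytes and closes the connection."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while len(data) < 4:
            chunk = sock.recv(4 - len(data))
            if not chunk:
                break
            data += chunk
    return decode_rfc868(data)


def accept_time(replies, local_now, max_step=MAX_STEP, max_spread=MAX_SPREAD):
    """Return a Unix time to set, or None if the replies fail the sanity checks."""
    # Drop anything implausibly far from the local clock (e.g. a bogus future time).
    sane = sorted(t for t in replies if abs(t - local_now) <= max_step)
    if len(sane) < 2 or sane[-1] - sane[0] > max_spread:
        return None
    return sane[len(sane) // 2]


if __name__ == "__main__":
    # Constructed sample data so the script runs offline; in real use the
    # replies would come from fetch_tcp_time(host) for each configured server.
    now = 1035586742  # constructed local clock value (late October 2002)
    good = struct.pack("!I", now + 1 + RFC868_OFFSET)
    bogus = struct.pack("!I", now + 30 * 365 * 86400 + RFC868_OFFSET)  # ~30 years ahead
    replies = [decode_rfc868(p) for p in (good, bogus, good)]
    print("accepted:", accept_time(replies, now))
```

Only a value that accept_time returns should be passed on to the step that sets the system clock and writes it to CMOS (note 2).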