Mailinglist Archive: opensuse-security (141 mails)
| < Previous | Next > |
Re: [suse-security] Strange clock behaviour of firewalls
- From: Mark Lutz <luma@xxxxxxxxxxx>
- Date: Tue, 14 Dec 1999 21:32:23 +0100 (CET)
- Message-id: <199912142036.VAA08435@xxxxxxxxxxxxxxxxxxx>
* Bernd Felsche <bernie@xxxxxxxxxxxxxxxxxxx> writes:
> Mark Lutz writes:
> > /usr/sbin/netdate -l 300 time.fu-berlin.de
>
> Actually, I prefer to use a secure server on the LAN being
> protected by the firewall.
Actually, I think that should work, too. On the "secure" server on
your LAN you would remove the "#" in front of the following line
time dgram udp wait root internal
in "/etc/inetd.conf" and "/sbin/init.d/inetd restart" should do the
trick. On the "client" you would use "/usr/sbin/netdate secure_server"
to set the time according to that server's time.
> The fewer ports are "open" on the "nasty" side, the better.
I hope the above makes sense. Have a look at "man netdate".
> Is there a secure method of obtaining times over the Internet?
Since you will obtain the time from a server within your LAN, this
should be safe, shouldn't it?
> Mark Lutz writes:
> > /usr/sbin/netdate -l 300 time.fu-berlin.de
>
> Actually, I prefer to use a secure server on the LAN being
> protected by the firewall.
Actually, I think that should work, too. On the "secure" server on
your LAN you would remove the "#" in front of the following line
time dgram udp wait root internal
in "/etc/inetd.conf" and "/sbin/init.d/inetd restart" should do the
trick. On the "client" you would use "/usr/sbin/netdate secure_server"
to set the time according to that server's time.
> The fewer ports are "open" on the "nasty" side, the better.
I hope the above makes sense. Have a look at "man netdate".
> Is there a secure method of obtaining times over the Internet?
Since you will obtain the time from a server within your LAN, this
should be safe, shouldn't it?
| < Previous | Next > |