Tobias Reckhard wrote:

> The other problem is that you can establish control connections to an NTP
> daemon using the same interface as the programs ntpq and ntpdc from the NTP
> distro. You should definitely use the access control options of NTP to not
> allow those from the Internet and from the inside only after successful
> authentication.

I was thinking of using K9 (see http://www.kaska.demon.co.uk/k9.htm) on the client side. It is available for Windows and Linux, small, easy to install and listens to NTP broadcasts. Therefore, I see no need to allow access the firewall's "xntp" even from my trusted network, as the firewall will provide the NTP broadcasts. Or is there any security issue regarding NTP broadcasts which I missed?


Mit freundlichen Grüssen / Regards

Dipl. Inform. Ralph Seichter
ISC Informatik Service & Consulting GmbH
Tel +49 2241 867-0     mailto:r.seichter@isc-inf.com
Fax +49 2241 867-222   http://www.isc-inf.com/