Re: [chrony-users] Add configuration option to disable randomized transm

Re: [chrony-users] Add configuration option to disable randomized transmit timestamp

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] Add configuration option to disable randomized transmit timestamp
From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Wed, 29 Sep 2021 09:51:37 +0200
Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1632901902; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=8fhOKwB6lx4RQbkA8xs1Tuk1cBYuxKYoK4g2LSyshQk=; b=LoF2oTcqScbb76gjVHr4m6D7F19ehSXikVpGaUmN34ZoFd4fpkSLRCaTJxoJuFZ0DOqNC3 lnXmu3fSW/y4wRrlOkh/zcFyBNx8uMdJ2SmjgijuSBTTtjrrZIS6MWh+WciY2nwyuWF+UQ rMyYj+XP5S6MltfGTsXG5FSXzQhLKOU=

On Tue, Sep 28, 2021 at 11:21:30AM +0800, egg car wrote:
> Using peer mode on clients side does work as what client-server mode do,
> but it's still a little weird using peer mode in virtually client-server
> relationships.

It doesn't seem weird to me. The client/server mode enables the client
to synchronize to the server. The symmetric mode enables
synchronization in both directions, which is needed by the
monitoring node to measure the offset between its clock and the
client's clock.

> 2. As the large number of clients, monitoring them actively costs more
> resources,
> and I think 'enable them as NTP servers' doesn't provides more security
> than cancelling
> the random information in client packets.

It makes the monitoring more secure. If you only passively observe
requests, you don't know if it really came from the client or an
off-path attacker sending requests with a spoofed source address.

-- 
Miroslav Lichvar

-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] Add configuration option to disable randomized transmit timestamp
  - From: egg car
- Re: [chrony-users] Add configuration option to disable randomized transmit timestamp
  - From: Miroslav Lichvar
- Re: [chrony-users] Add configuration option to disable randomized transmit timestamp
  - From: egg car

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-users] Add configuration option to disable randomized transmit timestamp
Next by Date: [chrony-users] Allow command do not work as expected
Previous by thread: Re: [chrony-users] Add configuration option to disable randomized transmit timestamp
Next by thread: [chrony-users] Allow command do not work as expected

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/