Re: [chrony-users] Add configuration option to disable randomized transmit timestamp

[ Thread Index | Date Index | More Archives ]

On Tue, Sep 28, 2021 at 11:21:30AM +0800, egg car wrote:
> Using peer mode on clients side does work as what client-server mode do,
> but it's still a little weird using peer mode in virtually client-server
> relationships.

It doesn't seem weird to me. The client/server mode enables the client
to synchronize to the server. The symmetric mode enables
synchronization in both directions, which is needed by the
monitoring node to measure the offset between its clock and the
client's clock.

> 2. As the large number of clients, monitoring them actively costs more
> resources,
> and I think 'enable them as NTP servers' doesn't provides more security
> than cancelling
> the random information in client packets.

It makes the monitoring more secure. If you only passively observe
requests, you don't know if it really came from the client or an
off-path attacker sending requests with a spoofed source address.

Miroslav Lichvar

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+