Achim Gratz <strom...@nexgo.de> said:
> However, there is still value in the knowledge of which interface the packet
> came in so that ntpd can place different levels of trust depending on
> whether it's from a private (virtual) network segment, an internal or
> public network. Also, this information would potentially be quite valuable
> to get a better grip on asymmetric network delays, which are dominating the
> residual timing error on many types of networks these days.

You can get most of that information from the dest IP address. I think that's all ntpd is doing. It's not really filtering on interface but on IP Address associated with the interface.

The interesting case is when the box itself is a router. So a packet for address A might actually arrive on interface B expecting the box to forward it. A bad guy on network B could forge packets and still get them in. There is probably a security bug there, but I don't see one.

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
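
The difference between trusting by destination address and trusting by arrival interface, as an added example that is not from the thread or from NTPsec's code: it reads the arrival interface and header destination from Linux `IP_PKTINFO` ancillary data and reports when the two disagree. The interface table, addresses, trust labels and function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Linux value of IP_PKTINFO; some Python socket modules do not export it.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("@i4s4s")  # struct in_pktinfo: ifindex, spec_dst, addr

# Constructed interface table for a hypothetical box with two segments.
LOCAL_ADDRS = {
    ipaddress.ip_address("192.0.2.1"): 2,     # address A, internal segment
    ipaddress.ip_address("198.51.100.1"): 3,  # address B, public segment
}
IF_TRUST = {2: "internal", 3: "public"}


def parse_pktinfo(ancdata):
    """Return (arrival ifindex, header destination) from recvmsg() ancdata."""
    for level, ctype, data in ancdata:
        if (level == socket.IPPROTO_IP and ctype == IP_PKTINFO
                and len(data) >= PKTINFO.size):
            ifindex, _spec_dst, addr = PKTINFO.unpack_from(data)
            return ifindex, ipaddress.ip_address(addr)
    return None


def classify(ancdata):
    """Compare trust implied by the destination address with the arrival interface."""
    info = parse_pktinfo(ancdata)
    if info is None:
        return {"verdict": "no-pktinfo"}
    ifindex, dst = info
    owner = LOCAL_ADDRS.get(dst)  # interface that owns the destination address
    if owner is None:
        verdict = "not-local"
    elif owner == ifindex:
        verdict = "match"
    else:
        verdict = "cross-interface"  # addressed to A, arrived on B
    return {"verdict": verdict,
            "trust_by_addr": IF_TRUST.get(owner, "unknown"),
            "trust_by_iface": IF_TRUST.get(ifindex, "unknown")}


def sample(ifindex, dst):
    """Build constructed ancillary data shaped like what IP_PKTINFO delivers."""
    raw = socket.inet_aton(dst)
    return [(socket.IPPROTO_IP, IP_PKTINFO, PKTINFO.pack(ifindex, raw, raw))]
```

On a live socket the same `classify()` would take the ancillary data returned by `recvmsg()` after enabling `IP_PKTINFO` with `setsockopt()`.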