Howard Lowndes was once rumoured to have said:
> Can you do stateful inspections on ntp though?  It runs on udp.  Is this
> possible?  You can define what servers you will accept ntp from, but
> surely the source IP could be easily spoofed anyway.  I don't know how you
> would go trying to do an auth transfer from, say, CSIRO.

Yes.  NTP is a very simple protocol.

You open the return path once you send the NTP "request" packet, and
close it within a reasonable timeframe.  If you're getting a large
number of reply packets any other time, you just block, and don't
open.

Also, use the fact that ntpd permits multiple servers.

C.
-- 
--==============================================--
  Crossfire      | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
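
The approach described in the reply above (open the return path when the NTP request goes out, close it after a short window, drop replies at any other time), modelled as an added example that is not part of the original post. The class name, the 5-second window, the one-reply-per-request rule and the sample traffic are assumptions made for illustration.

```python
NTP_PORT = 123
WINDOW = 5.0  # seconds the return path stays open (assumed value)

class NtpReturnPath:
    """Pseudo-state for UDP: remember outbound NTP requests, admit only matching replies."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.pending = {}      # (server_ip, client_port) -> expiry time
        self.unsolicited = {}  # source ip -> count of dropped packets

    def outbound(self, now, server_ip, client_port, dst_port=NTP_PORT):
        """Client sent a request: open the return path for this flow."""
        if dst_port == NTP_PORT:
            self.pending[(server_ip, client_port)] = now + self.window

    def inbound(self, now, src_ip, src_port, dst_port):
        """Return True to accept an inbound UDP packet, False to drop it."""
        # Expire stale entries so the path closes once the window has passed.
        self.pending = {k: t for k, t in self.pending.items() if t >= now}
        key = (src_ip, dst_port)
        if src_port == NTP_PORT and key in self.pending:
            del self.pending[key]  # one reply per request, then close (assumption)
            return True
        self.unsolicited[src_ip] = self.unsolicited.get(src_ip, 0) + 1
        return False

def replay(events):
    """Run constructed events through the tracker; return verdicts and drop counts."""
    fw = NtpReturnPath()
    verdicts = []
    for ev in events:
        if ev[0] == "out":
            fw.outbound(*ev[1:])
        else:
            verdicts.append(fw.inbound(*ev[1:]))
    return verdicts, fw.unsolicited

# Constructed traffic using documentation addresses (RFC 5737).
EVENTS = [
    ("out", 0.0, "192.0.2.10", 40001),
    ("in", 0.2, "192.0.2.10", 123, 40001),    # reply to our request
    ("in", 0.3, "192.0.2.10", 123, 40001),    # second reply, path already closed
    ("in", 1.0, "198.51.100.7", 123, 40001),  # server we never queried
    ("out", 10.0, "192.0.2.10", 40002),
    ("in", 16.0, "192.0.2.10", 123, 40002),   # arrives after the window
]

if __name__ == "__main__":
    print(replay(EVENTS))
```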
