Windows NTP Internet & fault-tolerance (multiple NTP servers)

Windows NTP Internet & fault-tolerance (multiple NTP servers)

Post by michael » Thu, 17 Nov 2005 15:09:44


Hopefully I'm in the right group. Microsoft states in KB884776
"Configuring the Windows Time service against a large time offset"
"We highly recommend that you configure the authoritative time server
to gather the time from a hardware source. When you configure the
authoritative time server to sync with an Internet time source, there
is no authentication."

I suppose here MS are warning against possible spoofing of time
servers. Has anyone heard anything in relation to this issue, or have
a better idea of what Microsoft means here?

Also from the FAQ for protocols.time.ntp
( http://www.yqcomputer.com/ ):

NTP is a fault-tolerant protocol that will automatically select the
best of several available time sources to synchronize to. Multiple
candidates can be combined to minimize the accumulated error.
Temporarily or permanently insane time sources will be detected and
avoided.

I'd like to hear from people who have had experience configuring
multiple external NTP Servers (ie fault tolerance) for Windows NTP,
either for Windows 2000 or 2003. How did you set it up and what sort
of results have you had?

Cheers

Michael
 
 
 

Windows NTP Internet & fault-tolerance (multiple NTP servers)

Post by Harlan Ste » Fri, 18 Nov 2005 05:45:09

I think their statement can be taken at face value.

If you are concerned that somebody will know what time server you are using
and will spoof it, the software from ntp.org can be used to address this
issue by:

- using multiple servers
- using authentication

H

 
 
 

Windows NTP Internet & fault-tolerance (multiple NTP servers)

Post by maye » Fri, 18 Nov 2005 12:00:03


Microsoft only supports SNTP and incorrectly at that. I don't recommend
anyone to run Microsoft's implementation, though I am of course prejudiced.


This is the implementation that this mailing list/newsgroup deals with.


Meinberg has created an excellent installer for this implementation of
NTP and helps you set up your configuration file. If you don't want to
go through the pain of doing this by hand it's an excellent choice.

Danny

_______________________________________________
questions mailing list
XXXX@XXXXX.COM
https://lists.ntp.isc.org/mailman/listinfo/questions
 
 
 

Windows NTP Internet & fault-tolerance (multiple NTP servers)

Post by michael » Sat, 19 Nov 2005 14:54:30

Microsoft does state it supports NTP, but only with Windows 2003.
Having said that I wouldn't have a clue as to how fully NTP has been
ported to the MS code.

Has anyone heard of NTP servers being spoofed to try and bring a
network down? Is it possible, if so how easy is it to spoof a time
server? Wouldn't you need to have the same IP address, or I'm probably
showing my ignorance of hacking techniques..


I'd do it but I doubt it would co-exist with the MS services that
depend on Windows Time, unless you could get Windows Time to somehow
rely on it...

Thanks

Michael