From: robbie (robbie@packetized.org)
Date: Fri Mar 11 2005 - 01:42:35 GMT-3

azhar mumtaz wrote:
> Hi Team:
>
> I have a question regarding NTP broadcast and NTP
> broadcast client. I don't know what are the advantages
> and disadvantages of using these two commands. I am
> particularly interested in the disadvantage portion,
> as I read that ntp broadcast client command is not
> recommended but I did not find any reason why. This
> is what I found on the Cisco website
>
> ntp broadcast
>
> To configure the system to send Network Time Protocol
> (NTP) broadcast packets on a specified interface, use
> the ntp broadcast command in interface configuration
> mode. To disable this capability, use the no form of
> this command.
>
> ntp broadcast client
>
> To configure the system to receive Network Time
> Protocol (NTP) broadcast packets on a specified
> interface, use the ntp broadcast client command in
> interface configuration mode. To disable this
> capability, use the no form of this command.

I would imagine that the primary reason that the 'ntp broadcast client'
command is frowned upon is that in the event of a poorly configured
network, an attacker could force time changes on a router by using
directed broadcast NTP packets. I would never want to have a router be
*told* what time it is; instead, it should be asking a trusted source,
preferably with an authentication key of some sort.

robbie
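A defender-side check for the risk described in the reply above, as an added example that is not part of the original post: a small Python audit of IOS configuration text that flags interfaces accepting NTP broadcasts, interfaces with directed broadcast enabled, and `ntp server` lines not tied to an enforced key. The sample configuration, its addresses and key string, and the function name `audit_ntp` are constructed for illustration.

```python
# Constructed sample IOS configuration for the audit (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
 ntp broadcast client
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
ntp authentication-key 1 md5 EXAMPLE-KEY
ntp server 203.0.113.10
ntp server 203.0.113.11 key 1
"""


def audit_ntp(config):
    """Return (scope, finding) tuples for settings that let a router be told the time."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    top = [ln.split() for ln in lines if ln and not ln[0].isspace()]
    # A key only matters if authentication is switched on and the key is trusted.
    auth_on = ["ntp", "authenticate"] in top
    trusted = {w[2] for w in top if w[:2] == ["ntp", "trusted-key"] and len(w) > 2}
    findings, iface = [], None
    for ln in lines:
        words = ln.split()
        if not words or words[0] == "!":
            continue
        if not ln[0].isspace():
            # Top-level statement: a new interface stanza or a global command.
            iface = words[1] if words[0] == "interface" and len(words) > 1 else None
            if words[:2] == ["ntp", "server"] and len(words) > 2:
                rest = words[3:]
                key = rest[rest.index("key") + 1] if "key" in rest[:-1] else None
                if key is None:
                    findings.append((words[2], "polled without an authentication key"))
                elif not auth_on or key not in trusted:
                    findings.append((words[2], "key %s is not enforced" % key))
        elif iface and words == ["ntp", "broadcast", "client"]:
            findings.append((iface, "accepts NTP broadcasts"))
            if not (auth_on and trusted):
                findings.append((iface, "broadcasts accepted without authentication"))
        elif iface and words[:2] == ["ip", "directed-broadcast"]:
            findings.append((iface, "directed broadcast enabled"))
    return findings
```

A configuration that polls its servers with a key listed under `ntp trusted-key`, has `ntp authenticate` set, and carries no `ntp broadcast client` or `ip directed-broadcast` lines returns an empty list.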
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:44 GMT-3