From a5b8a0cee842e12aa090449e042788b9eabc35da Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 22 Dec 2016 16:19:05 +0000 Subject: Fix multiple vulnerabilities of ntp. Approved by: so --- contrib/ntp/html/drivers/driver40.html | 4 ++-- contrib/ntp/html/miscopt.html | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'contrib/ntp/html') diff --git a/contrib/ntp/html/drivers/driver40.html b/contrib/ntp/html/drivers/driver40.html index 356429e..3b5f00f 100644 --- a/contrib/ntp/html/drivers/driver40.html +++ b/contrib/ntp/html/drivers/driver40.html @@ -16,7 +16,7 @@

JJY Receivers

Last update: - 15-May-2015 00:00 + 08-May-2016 00:00 UTC          ENGLISH   JAPANESE

Synopsis

@@ -136,7 +136,7 @@ {ENQ}1J{ETX}  -->  - {STX}JYYMMDD HHMMSSS{ETX} + {STX}JYYMMDDWHHMMSSS{ETX}
diff --git a/contrib/ntp/html/miscopt.html b/contrib/ntp/html/miscopt.html index bf4cfbf..6e03963 100644 --- a/contrib/ntp/html/miscopt.html +++ b/contrib/ntp/html/miscopt.html @@ -11,7 +11,7 @@ giffrom Pogo, Walt Kelly

We have three, now looking for more.

Last update: - 17-May-2016 06:26 + 9-Nov-2016 12:26 UTC


Related Links

@@ -145,10 +145,12 @@
Specifies the stepout threshold in seconds. The default without this command is 300 s. Since this option also affects the training and startup intervals, it should not be set less than the default. Further details are on the Clock State Machine page.
-
tos [beacon beacon | ceiling ceiling | cohort {0 | 1} | floor floor | maxclock maxclock | maxdist maxdist | minclock minclock | mindist mindist | minsane minsane | orphan stratum | orphanwait delay]
+
tos [bcpollbstep poll-gate | beacon beacon | ceiling ceiling | cohort {0 | 1} | floor floor | maxclock maxclock | maxdist maxdist | minclock minclock | mindist mindist | minsane minsane | orphan stratum | orphanwait delay]
This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:
+
bcpollbstep poll-gate
+
This option will cause the client to delay believing backward time steps from a broadcast server for bcpollbstep poll intervals. NTP Broadcast networks are expected to be trusted, and if the server's time gets stepped backwards then it's desireable that the clients follow this change as soon as possible. However, in spite of various protections built-in to the broadcast protocol, it is possible that an attacker could perform a carefully-constructed replay attack and cause clients to erroneously step their clocks backward. If the risk of a successful broadcast replay attack is greater than the risk of the clients being out of sync in the event that there is a backward step on the broadcast time servers, this option may be used to cause the clients to delay beliveving backward time steps until poll-gate consecutive polls have been received. The default is 0, which means the client will accept these steps upon receipt. Any value from 0 to 4 can be specified.
beacon beacon
The manycast server sends packets at intervals of 64 s if less than maxclock servers are available. Otherwise, it sends packets at the beacon interval in seconds. The default is 3600 s. See the Automatic Server Discovery page for further details.
ceiling ceiling
-- cgit v1.1