Sad Clouds <cryintothebluesky%gmail.com@localhost> writes:

> On Sat, 17 Oct 2020 10:33:28 +0200
> Martin Husemann <martin%duskware.de@localhost> wrote:
>
>> For things w/o RTC clock (that are unlikely to travel from airport
>> wlan to next airport wlan) I usually do not want them to use any
>> *external* IPs at all (while for me hard coded or dhcp provided local
>> IPs work fine).
>>
>> I also do not want my ISP, Cloudflare, Google, or some hacker having
>> access at either of them to be able to tell when "some thing" in my
>> local network boots.
>>
>> Martin
>
> I'm not sure I follow you. You don't want your NTP traffic to go outside
> your local network, so I'm assuming you run your own local NTP servers
> that synchronize with some trusted server on the Internet?
>
> I'm not an expert on NTP, but what sort of information do you think it
> could leak that could compromise your system security? There are ways
> for hackers to abuse NTP protocol, but that is where you should be using
> NTS extensions.

I can completely see where Martin is coming from, even if it's on the
paranoid side - but NetBSD has a tradition of not offending paranoids by
default. Certainly one can have a local server and point local things
to it.

By default we don't enable NTP, but the default config has the pool. I
find contacting random pool servers not a real problem, but connecting
to anything connected with a big company that might think it ok to store
data of what happened and use it later is potentially concerning.

I also realize this is turtles all the way down and the next question is
leaking information about DNS. But I don't think we should be
configuring talking to Google anything or even Cloudflare.