NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to use in a distributed denial-of-service (DDoS) attack. Please also take this opportunity to defeat denial-of-service attacks by implementing ingress and Egress filtering through BCP38. See TimeScalesDev for discussion of this topic.
A new set of mode 6 vulnerabilities has been discovered and, while these vulnerabilities can be reduced by making sure you have
restrict default … noquery in your
ntp.conf file, the best and most complete way to avoid these vulnerabilities is to install and deploy
ntp-4.2.8 which was released on 18 December 2014.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
15. Time Scales
There are two primary time scales used today, TAI
As of 2006, TAI is ahead of UTC by 23 seconds. This is really not true, but somebody else is going to have to document why the answer is really 33 seconds but we only see 23 of them. The simplistic, short (and possibly true) answer is that the "extra" 10 seconds happened before 1972, and computers mostly don't worry about tracking seconds before 1972.
If you run the
command on a system that is synchronized with NTP and the time appears to be 23 seconds off, the odds are good that your time is being reported using a TAI (
) timescale instead of a UTC (
Unix-like systems (for example) generally have timezone files
in them, and in most cases the UTC (
) versions of these files are used.
Many Linux systems, however, are built so the TAI (
files are used. If this is the case, you will see the leapsecond discrepancy (in addition to any timezone correction) if you type
date ; date -u
at a shell prompt.
Recent versions of CentOS Linux (Release 4 & 5) and Red Hat Linux
(Enterprise 4 & 5) may be configured for POSIX time zones as follows.
A system's time zone may be changed by linking or copying a time zone
file in the
. As an
example, to specify the POSIX US Eastern time zone use the command:
ln -sf /usr/share/zoneinfo/posix/US/Eastern /etc/localtime
or, alternatively, simply copy the file:
cp /usr/share/zoneinfo/posix/US/Eastern /etc/localtime
file should be edited to specify the
correct time zone and change the
line to either
As an example, for the POSIX US Eastern
time zone the
file should read:
The time zone that is currently being used is specified by the
zone file whereas all of the generic time zone files
reside in the
Specifically, the POSIX
zone files are stored in the
Configuring the time zone in versions of Linux other than CentOS and Red
Hat should be very similar to the above.