r1 - 2007-07-25 - 05:09:34 - HarlanStennYou are here: NTP >  Support Web > WebOrder > TimeScales
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to use in a distributed denial-of-service (DDoS) attack. Please also take this opportunity to defeat denial-of-service attacks by implementing ingress and Egress filtering through BCP38.

A new set of mode 6 vulnerabilities has been discovered and, while these vulnerabilities can be reduced by making sure you have restrict default noquery in your ntp.conf file, the best and most complete way to avoid these vulnerabilities is to install and deploy ntp-4.2.8 which was released on 18 December 2014.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
REFACTOR See TimeScalesDev for discussion of this topic.

15. Time Scales

There are two primary time scales used today, TAI and UTC.

As of 2006, TAI is ahead of UTC by 23 seconds. This is really not true, but somebody else is going to have to document why the answer is really 33 seconds but we only see 23 of them. The simplistic, short (and possibly true) answer is that the "extra" 10 seconds happened before 1972, and computers mostly don't worry about tracking seconds before 1972.

If you run the date command on a system that is synchronized with NTP and the time appears to be 23 seconds off, the odds are good that your time is being reported using a TAI (right) timescale instead of a UTC (posix) timescale.

Unix-like systems (for example) generally have timezone files in them, and in most cases the UTC (posix) versions of these files are used.

Many Linux systems, however, are built so the TAI (right) zoneinfo files are used. If this is the case, you will see the leapsecond discrepancy (in addition to any timezone correction) if you type date ; date -u at a shell prompt.

Recent versions of CentOS Linux (Release 4 & 5) and Red Hat Linux (Enterprise 4 & 5) may be configured for POSIX time zones as follows.

A system's time zone may be changed by linking or copying a time zone file in the /usr/share/zoneinfo directory to /etc/localtime. As an example, to specify the POSIX US Eastern time zone use the command:

 ln -sf /usr/share/zoneinfo/posix/US/Eastern /etc/localtime 

or, alternatively, simply copy the file:

 cp /usr/share/zoneinfo/posix/US/Eastern /etc/localtime

Also, the /etc/sysconfig/clock file should be edited to specify the correct time zone and change the UTC line to either UTC=true or UTC=false as appropriate. As an example, for the POSIX US Eastern time zone the /etc/sysconfig/clock file should read:


The time zone that is currently being used is specified by the /etc/localtime zone file whereas all of the generic time zone files reside in the /usr/share/zoneinfo directory. Specifically, the POSIX zone files are stored in the /usr/share/zoneinfo/posix directory.

Configuring the time zone in versions of Linux other than CentOS and Red Hat should be very similar to the above.

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r1 | More topic actions
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2015 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback