NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to use in a distributed denial-of-service (DDoS) attack. Please also take this opportunity to defeat denial-of-service attacks by implementing ingress and Egress filtering through BCP38. See TimeScalesDev for discussion of this topic.
The final two security bugs reported by Google's Security Team have been fixed as of ntp-4.2.8p1.
A new set of mode 6 vulnerabilities has been discovered and, while these vulnerabilities can be reduced by making sure you have
restrict default … noquery in your
ntp.conf file, the best and most complete way to avoid these vulnerabilities is to install and deploy
ntp-4.2.8p1 which was released on 04 February 2015.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
15. Time Scales
There are two primary time scales used today, TAI
As of 2006, TAI is ahead of UTC by 23 seconds. This is really not true, but somebody else is going to have to document why the answer is really 33 seconds but we only see 23 of them. The simplistic, short (and possibly true) answer is that the "extra" 10 seconds happened before 1972, and computers mostly don't worry about tracking seconds before 1972.
If you run the
command on a system that is synchronized with NTP and the time appears to be 23 seconds off, the odds are good that your time is being reported using a TAI (
) timescale instead of a UTC (
Unix-like systems (for example) generally have timezone files
in them, and in most cases the UTC (
) versions of these files are used.
Many Linux systems, however, are built so the TAI (
files are used. If this is the case, you will see the leapsecond discrepancy (in addition to any timezone correction) if you type
date ; date -u
at a shell prompt.
Recent versions of Debian, Ubuntu, Arch, Fedora, and other systemd-based distributions may be configured for POSIX time zones as follows.
A system's time zone may be changed by linking a time zone file
. As an example, to specify the POSIX US Eastern time zone use the command:
ln -Tsf /usr/share/zoneinfo/posix/US/Eastern /etc/localtime
or, using systemd (which will also adjust pre-systemd files
on Debian and
timedatectl set-timezone posix/US/Eastern
The time zone that is currently being used is specified by the
zone file whereas all of the generic time zone files reside in the
directory. Specifically, the POSIX zone files are stored in the