[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] How much is FW-1 sensitve to clock skew between modules?

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] How much is FW-1 sensitve to clock skew between modules?
From: Jochen Fritzenkoetter <jf@netuse.de>
Date: Thu, 11 Nov 1999 11:06:06 +0100 (MET)


Hallo!

Sometimes I run across FW-1 systems, where firewall and management modules
reside on different hosts with a clock skew between these hosts of more
than several seconds. One customer has a difference of approximately 5 minutes
between manager and gateway:

manager: date
Thu Nov 11 10:26:18 MET 1999

gateway: date
Thu Nov 11 10:21:01 MET 1999

Ie: manager is ahead in time. The obvious solution is of course to use some
kind of time server.

My question: Should'nt this have an effect on the authentication protocol
between the two modules, e.g. regarding possible replay attacks, or 
are there other implications of clock skews, such as the gateway not being
able to log to the manager (as it is a problem with this customer)? 

Ciao,
Jochen

-- 
Jochen Fritzenkoetter
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00   --   Fax: +49 431 386435 99




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] State Sync in 4.1 Beta
Next by Date: [FW1] java loading
Prev by thread: Re: [FW1] Whati is security level in Firewall-1 v4.0 or 4.1
Next by thread: [FW1] java loading
Index(es):
- Date
- Thread