SecureSync and NetClock 9400 units can process over 7,500 NTP requests per second. This capability is per system based on its main network processor. The model 1204-06 Gb Ethernet Option Module simply splits this bandwidth across its four different network interfaces.
Microsoft Windows PCs (such as Windows XP, 2000, 2003, 2008, 7, etc.) can be configured to sync to a Spectracom NTP time server. Many newer versions of Windows use the built-in "Windows Time Service" (aka W32Time) for external time synchronization. Spectracom's "Synchronizing Windows Computers" Tech Note assists with configuring Windows computers.
Thirteen low and medium severity vulnerabilities were identified in NTP versions 4.2.8p3 and earlier. This affects SecureSync and NetClock 9400 products running SW versions 5.3.0 and earlier, and all NetClock 9200/9300 product versions.
By factory default configuration, all nodes and subnets on the time server's network(s) have access to NTP. However, it may be desired to restrict NTP access to only one or more individual nodes or subnets. The time server supports limiting access to NTP via its "NTP Access Restriction" configuration.
NTP reports a "Ref ID" for each configured reference that it can sync with. With the System Reference, this will start out as ".GPS", or some other value based on the synchronizing reference, but it may also change to ".PPS." later on in systems with SecureSync/NetClock SW versions 5.2.0 and earlier.
Several NTP vulnerabilities are associated with NTP's NTPQ or NTPDC functionality. The Spectracom SecureSync and NetClock 9400 disable NTPQ/NTPDC by default, which mitigates these types of vulnerabilities. Note that disabling NTPQ and NTPDC does not affect the operation of NTP synchronizing clients on the network.
On December 18, 2014, several NTP vulnerabilities were published as CVE-2014-9293 through 9296. The vulnerabilities are based on queries from an unknown entity. By default, external queries are turned off in SecureSync and NetClock products, which is appropriate mitigation against these vulnerabilities.
SecureSync and NetClock time servers have the ability to sync to several types of external time references (such as GPS and/or IRIG, for example). But they also have the ability to sync to themselves, using the "User" mode. The User mode allows the time server to go to NTP Stratum 1 without the need for external references to be applied.
When using PresenTense software to sync a Windows network, typically all nodes are synced with PresenTense. However, it may be desired to sync just the Domain Controller (DC) to the NTP server using PresenTense software and to sync the Windows clients to the DC using the Windows Time Service. This can be done by installing PresenTense Client software on the Domain Controller and then modifying the Advanced Settings of the PresenTense Client software to allow PresenTense and Windows Time to work in conjunction with each other.
The ntpdc monlist command can be run from the command line interface to identify the NTP clients.
Spectracom disables NTP queries by default, so it is not at risk for the vulnerability described in CVE-2013-5211. However, we recommend that you verify the NTP server has not been configured to allow queries, or that you have adequate network security to reduce the risk of an attack due to monlist.
Windows w32tm has a utility called "stripchart", which can report periodic time differences (every two seconds by default) between a Windows PC and an NTP server on the network. This can either be the same NTP server that it normally syncs with, or any other NTP server on the network.
The Reference Status table (Status -> Time and Frequency page of the browser) reports the validity of the input references (not outputs). NTP output status is indicated at the top of the Status -> NTP page of the browser.
The web address for the official home of the NTP project.
Automachron (freeware) is a great utility for testing the NTP output of a Spectracom NTP time server.