Displaying 1 result from an estimated 1 matches for "max_spa_packet_ag".
Did you mean:
max_spa_packet_age
2007 Feb 19
0
Quick demo guide for SPA ( re: the port knocking thread )
...ssage like 'remote time stamp is older
than 120 second max age.' then you have a clock sync
problem. (common when using vmware)
Notes: If you have trouble with clock drift and you dont
want to be bothered fixing it, you can make fwknop less
sensitive;
joe /etc/fwknop/fwknop.conf
change
MAX_SPA_PACKET_AGE 120;
to
MAX_SPA_PACKET_AGE 1200;
or similar (20 minute window)
Thanks to Michael Rash for his great pdf
(http://www.usenix.org/publications/login/2006-02/pdfs/rash.pdf)
which i blatently ripped content from for the good of the world.