Implementation: Client side Forgery - what if someone sends us forged ntp replies? when we send our query, we set the "transmit timestamp" to a random cookie, and store both our cookie and the real transmit timestamp locally servers are required to copy that timestamp verbatim into the "originate timestamp" in the reply upon receival of the reply, we check that the originate timestamp matches the cookie we sent with the query - if they don't match, we have a case of forgery