Dag-Erling Smørgrav writes:
>Joe Malcolm <[email protected]> writes:
>> I'm no expert on ntp.conf, but this appears in my ntp.conf on one of
>> my FreeBSD systems:
>>
>> restrict default kod nomodify notrap nopeer noquery
>> restrict -6 default kod nomodify notrap nopeer noquery
>>
>> However, it also has these:
>>
>> restrict 127.0.0.1
>> restrict -6 ::1
>> restrict 127.127.1.0
>
>These work on a "last match" basis. The latter three lines lift all
>restrictions for localhost, so you can still "ntpq -pn" your own server,
>but nobody else can.

Thanks. So, if I understand correctly, the shipped config is vulnerable
to local (same-host) attackers, not remote ones.

joe
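
An added example, not part of the thread or of FreeBSD's shipped files: a small Python audit that lists which `restrict` entries in an ntp.conf leave ntpq/ntpdc queries allowed, and whether each one is confined to loopback. It reads only each entry's flags and does not model how ntpd chooses between overlapping entries; `SAMPLE_CONF` is constructed from the lines quoted above, and the function names are this example's own.

```python
import ipaddress

# Flags that make ntpd refuse ntpq/ntpdc queries from a matching source.
QUERY_BLOCKING = {"noquery", "ignore"}

# Constructed sample: the restrict lines quoted in the thread.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
"""

def parse_restrict(line):
    """Return (address, mask, flags) for a restrict line, or None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    tokens = tokens[1:]
    if tokens[0] in ("-4", "-6"):      # address-family qualifier
        tokens = tokens[1:]
    if not tokens:
        return None
    address, tokens = tokens[0], tokens[1:]
    mask = None
    if len(tokens) >= 2 and tokens[0] == "mask":
        mask, tokens = tokens[1], tokens[2:]
    return address, mask, set(tokens)

def is_loopback(address, mask):
    """True only when the whole entry lies inside loopback space."""
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address,
                                   strict=False)
    except ValueError:                 # "default", hostnames, odd masks
        return False
    return net.is_loopback

def query_open_entries(conf_text):
    """Return (address, mask, loopback) for entries that allow queries."""
    found = []
    for line in conf_text.splitlines():
        parsed = parse_restrict(line)
        if parsed and not (parsed[2] & QUERY_BLOCKING):
            found.append((parsed[0], parsed[1], is_loopback(*parsed[:2])))
    return found

if __name__ == "__main__":
    for address, mask, loopback in query_open_entries(SAMPLE_CONF):
        scope = "loopback" if loopback else "NOT loopback, review"
        print(f"queries allowed: {address} mask={mask} ({scope})")
```

Anything the script cannot prove is loopback (including `default`, hostnames and masks it cannot parse) is reported as needing review.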
