What is the best place to find further documentation on this? (Or, do you have a recommended setup?)
All I'm able to find is http://www.eecis.udel.edu/~mills/ntp/html/accopt.html which suggests that "limited" may have no effect unless a "discard" line is specified as well. I'm curious what the recommended values are for that.

Incidentally, on Fedora/CentOS/RHEL, the default is the same as mentioned on Debian -- the "kod" restriction is present, but "limited" is not. (And the "Secure NTP Template" on Team Cymru's site makes no mention of "kod" or "limited".)

-- Matt

On Sat, Jun 23, 2012 at 11:36 PM, Dave Hart <[email protected]> wrote:
> Ted, your posted ntp.conf has:
>
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
>
> If you're using ntpd 4.2.6 or later, you can consolidate that into a
> single line omitting -4/-6. In any case, please consider adding
> "limited" to your default restrictions, so that clients are
> rate-limited and your server is less useful for spoofed-source-address
> reflection attacks. Without "limited", the "kod" is useless -- it
> controls only how ntpd responds to rate limit exceeded, but first you
> have to have "limited" to enforce the rate limit.
>
> Cheers,
> Dave Hart
> _______________________________________________
> pool mailing list
> [email protected]
> http://lists.ntp.org/listinfo/pool
>
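One way to check an ntp.conf for the gap described in the quoted message ("kod" present without "limited"), as an added example that is not part of the original thread or of ntpd. The sample configurations are constructed from the quoted restrict lines, and `parse_restrict` and `audit` are hypothetical helper names.

```python
# Added example: flag ntp.conf "restrict" lines that set "kod" without "limited".
# Constructed "before" sample: the two default lines quoted in the thread.
SAMPLE_BEFORE = """\
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
"""
# Constructed "after" sample: one default line (ntpd 4.2.6 or later) with "limited" added.
SAMPLE_AFTER = """\
restrict default limited kod notrap nomodify nopeer noquery
restrict 127.0.0.1
"""

def parse_restrict(line):
    """Return (family, address, flags) for a restrict line, or None."""
    tokens = line.split("#", 1)[0].split()  # drop trailing comments
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    args = tokens[1:]
    family = args.pop(0) if args[0] in ("-4", "-6") else None
    if not args:
        return None
    address = args.pop(0)
    if len(args) >= 2 and args[0] == "mask":  # skip "mask <netmask>"
        args = args[2:]
    return family, address, set(args)

def audit(conf_text):
    """Return (line_number, message) findings for rate-limit gaps."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        family, address, flags = parsed
        label = " ".join(filter(None, [family, address]))
        if "kod" in flags and "limited" not in flags:
            findings.append((lineno, f"{label}: 'kod' set without 'limited', so no rate limit triggers it"))
        elif address == "default" and "limited" not in flags:
            findings.append((lineno, f"{label}: default restriction does not rate-limit clients"))
    return findings

if __name__ == "__main__":
    for name, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(conf) or "no findings")
```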
