On 2013-11-21, Michael Sinatra <[email protected]> wrote: > There are several ways, but having a basic 'restrict' statement in > your config like this will help mitigate [reflection attacks]: > > restrict default noquery nomodify notrap nopeer > restrict -6 default noquery nomodify notrap nopeer > > I believe the key command is 'noquery' which means that the server > can't be queried for information (it does NOT affect the server's > ability to respond to time requests).
The access control directives mentioned above are documented at http://doc.ntp.org/4.2.6p5/accopt.html (stable release) and at http://www.eecis.udel.edu/~mills/ntp/html/accopt.html (development release). [snip] > (I am also interested in how others are locking down public NTP > servers.) You want to take a look at the Support.AccessRestrictions topic in our community supported documentation. It is at http://support.ntp.org/Support/AccessRestrictions -- Steve Kostecke <[email protected]> NTP Public Services Project - http://support.ntp.org/ _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
