-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
On 21. 11. 2013 18:12, Michael Sinatra wrote: >> How can I disable this behavior of ntpd? > > There are several ways, but having a basic 'restrict' statement in > your config like this will help mitigate this attack: > > restrict default noquery nomodify notrap nopeer restrict -6 default > noquery nomodify notrap nopeer > > I believe the key command is 'noquery' which means that the server > can't be queried for information (it does NOT affect the server's > ability to respond to time requests). However, the other options > will also protect your public time server. (I am also interested > in how others are locking down public NTP servers.) Wouldn't noquery or nopeer also prevent your timeserver from being used by other timeservers? Or at least limit usability? LP, Jure -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlK4QaEACgkQB6mNZXe93qggxACeO7Yxis3LZdZCUvGwcc2BpnIK sIkAn2BUYxuGuTFmL4L8VXKYjyyGugum =3c1N -----END PGP SIGNATURE----- _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
