On 11/11/2014 15:57, Brian Inglis wrote:
On 2014-11-11 04:07, David Taylor wrote:
[]
I have no restrict statements at all, but I'm not offering my NTP
servers for public use.
Are you sure?
Even if they are not being offered, does not mean they are not being used.
Your systems are well documented, so folks could try using them as servers.
Never seen any counts in the last columnn or six of sysstats?
[Presume sysstats columns report the server's responses to incoming
packets rather than other servers responses to its outgoing packets
- this is unclear!]
People spend a lot of time trolling the internet for unprotected systems
and ports they can exploit for attacks.
Please add the recommended restrict options to lock your systems up, and
then the required options to open up to your sources, LAN(s), and hosts.
I just ran a Gibson Shields Up check on port 123 and it said I was in
what it calls "perfect stealth" mode. Perhaps that is a sign that I am
OK externally without restrict lines?
--
Cheers,
David
Web: http://www.satsignal.eu
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
