On Mon, Jan 09, 2023 at 12:15:23PM +, akihiko.iz...@sony.com wrote:
> > chrony does not implement any modes that could amplify NTP traffic
>
> Thank you.
> But I afraid NTP server is vulnerable to spoofed source IP address of NTP
> client, it may participate DDoS attacks ev
em.
Best Regards,
-Original Message-
From: Miroslav Lichvar
Sent: Monday, January 2, 2023 6:56 PM
To: chrony-users@chrony.tuxfamily.org
Subject: Re: [chrony-users] RE: Can we deny non-NTS client?
On Tue, Dec 20, 2022 at 11:14:04AM +, akihiko.iz...@sony.com wrote:
> I conside
Hello,
When we run Chrony as public NTP server, is it possible to deny NTP clients
which do not support NTS?
If it possible, I would like to know how to setup so.
A public NTP server which accept both normal(non-NTS) NTP request and NTS
request may suffer attacks both to normal NTP servers and
to be investing in NTP5 Python development
and may not have time.
-邮件原件-
发件人: akihiko.iz...@sony.com [mailto:akihiko.iz...@sony.com]
发送时间: 2022年12月20日 19:14
收件人: chrony-users@chrony.tuxfamily.org
主题: [chrony-users] RE: Can we deny non-NTS client?
> The existing configuration parameters
should not contain the field for rejecting clients that do not
support the NTS function. To prevent attacks, you can limit the IP address or
ntsratelimit.
-邮件原件-----
发件人: akihiko.iz...@sony.com [mailto:akihiko.iz...@sony.com]
发送时间: 2022年12月19日 20:00
收件人: chrony-users@chrony.tuxfamily.org
主题: [c
-users] RE: Can we deny non-NTS client?
On Wed, Jan 11, 2023 at 02:31:11AM +, akihiko.iz...@sony.com wrote:
> Thank you for clarifying my question. I learned a lot.
>
> > it would not be sent as there is an additional check made before
> > transmission comparing the length o