sorry for the noise, we are fine.
The link in your commit explains it.
noquery does the trick indeed.
On Mon, Feb 24, 2014 at 7:22 PM, Mathijs Kwik wrote:
> Eelco Dolstra writes:
>
>> On 24/02/14 17:27, Mathijs Kwik wrote:
>>
>>> Our ntpd version (stable, 2011) contains a feature called 'monlis
Eelco Dolstra writes:
> On 24/02/14 17:27, Mathijs Kwik wrote:
>
>> Our ntpd version (stable, 2011) contains a feature called 'monlist',
>> which is enabled by default. This feature has recently been abused by
>> huge ntp-amplification ddos attacks.
>
> AFAIK, this commit works around the problem
On 24/02/14 17:27, Mathijs Kwik wrote:
> Our ntpd version (stable, 2011) contains a feature called 'monlist',
> which is enabled by default. This feature has recently been abused by
> huge ntp-amplification ddos attacks.
AFAIK, this commit works around the problem:
https://github.com/NixOS/nixpk
After some more investigation, I think we should just add "disable
monitor" to nixos' ntpd.conf.
It seems the monitoring functionality is not needed for normal
operation so it was a mistake (upstream) to enable it by default.
However, it is not a security vulnerability for the system itself, so
no
Excerpts from Mathijs Kwik's message of Mon Feb 24 16:27:58 + 2014:
> Our ntpd version (stable, 2011) contains a feature called 'monlist',
> which is enabled by default. This feature has recently been abused by
> huge ntp-amplification ddos attacks.
I'd say its a strong reason - so at least mak
Hi all,
Our ntpd version (stable, 2011) contains a feature called 'monlist',
which is enabled by default. This feature has recently been abused by
huge ntp-amplification ddos attacks.
However, the vulnerability has only been fixed in the development
version and security firms recommend upgrading