Nyamul Hassan wrote:
From the documentation, and all literature that I can find on the internet,
it seems any remote client who needs to talk to our NTP servers on UDP 123,
must also originate the request from UDP 123. Considering this, we have
firewalled any traffic for/from UDP 123 on our servers that does not
start/end in UDP 123 on the remote machines.
Could someone confirm if this is correct? Or are we blocking legitimate
requests as well?
You are blocking legitimate requests as well. One example: traffic
coming from behind NAT firewalls. NAT changes the source port to some
other port.
Adding "limited kod" to your "restrict default" line in ntp.conf is
usually a rather good countermeasure. I would also suggest adding
"noquery" to that line to prevent the recent NTP amplification attacks.
See http://support.ntp.org/bin/view/Support/AccessRestrictions and
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
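As an added illustration of the ntp.conf advice in the reply (not code from the thread or from the ntp.org project), the script below audits the "restrict default" lines of a configuration for the three flags the reply names: "limited" and "kod" (rate-limit abusive clients and answer them with Kiss-o'-Death packets) and "noquery" (refuse ntpq/ntpdc control queries, the mode 6/7 traffic used for amplification). Both configurations it checks are constructed examples; the "nomodify notrap nopeer" flags in them are common companions and are not required by the check.

```python
"""Audit 'restrict default' lines in an ntp.conf for the flags recommended in
the reply: limited, kod and noquery. The example configs are constructed
for this demonstration and are not taken from any real server."""

# Flags named in the thread; a 'restrict default' line lacking any of them is reported.
REQUIRED_FLAGS = {"kod", "limited", "noquery"}

# Constructed example: a server that still answers control queries (weak).
WEAK_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
# No 'limited kod' and no 'noquery': any remote host may send ntpq/ntpdc queries
restrict default nomodify notrap nopeer
restrict 127.0.0.1
"""

# Constructed example: the same server with the reply's advice applied.
HARDENED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 0.pool.ntp.org iburst
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""


def parse_restrict_lines(conf_text):
    """Yield (line, address, flags) for every restrict line in the config.

    Comments are stripped, a leading '-4'/'-6' family selector is skipped and
    a 'mask <netmask>' pair is consumed so the netmask is not read as a flag.
    """
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        tokens = line.split()
        if not tokens or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        if tokens and tokens[0] in ("-4", "-6"):
            tokens = tokens[1:]
        if not tokens:
            continue
        address, rest = tokens[0], tokens[1:]
        flags = set()
        i = 0
        while i < len(rest):
            if rest[i] == "mask" and i + 1 < len(rest):
                i += 2  # skip the netmask value
                continue
            flags.add(rest[i])
            i += 1
        yield line, address, flags


def audit_default_restrictions(conf_text):
    """Return a list of (line, missing_flags) findings; an empty list is compliant.

    With no 'restrict default' line at all ntpd applies no access restrictions,
    so that case is reported as one finding with every required flag missing.
    """
    findings = []
    seen_default = False
    for line, address, flags in parse_restrict_lines(conf_text):
        if address != "default":
            continue
        seen_default = True
        missing = sorted(REQUIRED_FLAGS - flags)
        if missing:
            findings.append((line, missing))
    if not seen_default:
        findings.append(("<no restrict default line>", sorted(REQUIRED_FLAGS)))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_default_restrictions(conf)
        print(f"{name}: {'OK' if not result else result}")
```

Run it against a real /etc/ntp.conf by reading the file into a string and passing it to audit_default_restrictions; the IPv6 "restrict -6 default" line in the hardened sample matters because ntpd keeps separate restriction lists per address family.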