Steve Kostecke <koste...@ntp.org> writes:

> On 2013-12-27, detha <de...@foad.co.za> wrote:
>
>> A first step would be to have a default configuration where any
>> functionality that can be used for reflection attacks with more than a say
>> 2:1 ratio needs to be explicitly enabled, with warnings about this in the
>> sample config file(s).
>
> The NTP Reference Implementation has no default use case. So there is no
> "baked-in" sensible default configuration. Some view this as a feature.

I think that's a bug. There are in my view two default cases:

  setting up the local machine to synchronize from organization/local s3
  or so servers.

  setting up a few machines to be the above s3ish servers

In both cases, there is no need to allow monlist-or-equivalent from other
than localhost, and no real harm in answering time queries.

The other significant use case is running a s1, but a) those people are
expected to be more clueful and b) the above rules don't hurt that case
either.
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
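
Added example, not part of the original thread and not code from the NTP project: a small audit of ntp.conf "restrict" lines that reports where hosts other than localhost could still send monlist-style control queries, while leaving ordinary time service alone. Both sample configurations and the host name are constructed, and the check is simplified (it does not track IPv4 and IPv6 defaults separately).

```python
import ipaddress

# Constructed sample configurations (not taken from the post).
WEAK = """\
server ntp1.example.org iburst
restrict 127.0.0.1
"""
HARDENED = """\
server ntp1.example.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "default", hostnames, "source", ...

def audit(conf):
    """List the places where non-local hosts may send ntpq/ntpdc queries."""
    findings, has_default = [], False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        addr, flags = args[0], set(args[1:])
        has_default = has_default or addr == "default"
        if is_loopback(addr):
            continue  # localhost keeps query access
        if not flags & {"noquery", "ignore"}:
            findings.append(f"line {lineno}: {addr} may send control queries")
    if not has_default:
        # Assumption: with no default restriction, ntpd answers everyone.
        findings.append("no 'restrict default' line: queries open to all")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```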