William Unruh <un...@invalid.ca> wrote:
> On 2014-01-15, Steve Kostecke <koste...@ntp.org> wrote:
>> On 2014-01-15, David Woolley wrote:
>>
>>> On 27/12/13 10:24, Rob wrote:
>>>
>>>> There are more and more amplification attacks against ntp servers,
>>>> similar to those against open DNS resolvers. A small packet sent with
>>>> a spoofed source address (allowed by a lame ISP) results in a large
>>>> reply from ntpd, sent to the victim of the attack.
>>>
>>> CERT have just issued an alert about the monlist attack:
>>> <https://www.us-cert.gov/ncas/alerts/TA14-013A> (TA14-013A: NTP
>>> Amplification Attacks Using CVE-2013-5211). The advice is upgrade or
>>> use restrict.
>>
>> Upgrade _or_ use noquery _or_ disable monitor
>>
>> Information at http://support.ntp.org/security
>
> Why does ntpd not disable external monitoring or command by default?
> That way if someone wants to allow it, they have to actively do so,
> presumably knowing what they are doing.

The default config shipped with ntpd, usually mostly provided by the distributor, is often terrible. (remember the LOCAL clock?)
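
Added example, not part of the original thread and not ntp.org code: a small audit of ntp.conf text for the two configuration mitigations named above, noquery on the default restrict and disable monitor. The function name, result keys and sample configurations are constructed for illustration. It cannot see the ntpd version, so the "upgrade" option is out of scope.

```python
# Added example: checks ntp.conf text for the two configuration mitigations
# named in the thread ("noquery" on the default restrict, "disable monitor").
BLOCKS_QUERIES = {"noquery", "ignore"}  # "ignore" drops all packets, queries included

def audit_ntp_conf(text):
    monitor_disabled = False
    # Assumption of this example: a bare "restrict default" is counted as
    # IPv4 only, so IPv6 needs its own "restrict -6 default" line.
    default_blocks = {"-4": False, "-6": False}
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if not tokens:
            continue
        keyword, args = tokens[0].lower(), tokens[1:]
        if keyword in ("enable", "disable") and "monitor" in args:
            monitor_disabled = keyword == "disable"   # last statement wins here
        elif keyword == "restrict" and args:
            family = "-4"
            if args[0] in ("-4", "-6"):
                family, args = args[0], args[1:]
            if args and args[0] == "default":
                default_blocks[family] = bool(BLOCKS_QUERIES & set(args[1:]))
    open_families = [f for f, blocked in default_blocks.items() if not blocked]
    return {
        "monitor_disabled": monitor_disabled,
        "query_open_families": open_families,
        "unmitigated": not monitor_disabled and bool(open_families),
    }

# Constructed sample configurations (not taken from any real host).
NO_RESTRICT = "driftfile /var/lib/ntp/drift\nserver ntp1.example.net iburst\n"
NOQUERY = (
    "restrict default kod nomodify notrap nopeer noquery\n"
    "restrict -6 default kod nomodify notrap nopeer noquery\n"
    "restrict 127.0.0.1\n"
)
IPV4_ONLY = "restrict default nomodify noquery  # IPv6 default left open\n"
MONITOR_OFF = "server ntp1.example.net iburst\ndisable monitor\n"

if __name__ == "__main__":
    for name in ("NO_RESTRICT", "NOQUERY", "IPV4_ONLY", "MONITOR_OFF"):
        print(name, audit_ntp_conf(globals()[name]))
```

A config with no restrict lines at all is reported as unmitigated, which is the shipped-default case the thread is complaining about.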