On 2014-03-02, Brian Inglis <brian.ing...@systematicsw.ab.ca> wrote:
> On 2014-03-01 15:43, boostinbad...@gmail.com wrote:
>> My NTP server is part of the pool project and appears to be running fine.  
>> Comcast contacted me about a month ago to let me know that my NTP server was 
>> infected with a bot.  I checked and everything seems to be ok.  I re-enabled 
>> my server about a week ago and I received another phone call last week 
>> concerning security on my network.
>> I contacted Ask and he said that it was not a bot but an issue with my 
>> server allowing management requests.  I asked Ask how to properly configure 
>> my Meinberg client to not allow management requests because I understand 
>> that they can be problematic.  I know the config for ntpd but I am not sure 
>> of the proper syntax for Meinberg.  Can someone provide me with that info?
>
> Banner on http://support.ntp.org links to
> http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
> and recommends restrict default noquery [and possibly other no... options]
> or you could use restrict default ignore; also add disable monitor.

And why those are not the default I will never know. They should never
have been on by default -- the problem was obvious 15 years ago, if
nothing else in giving an attacker knowledge about your system.
Things which go out to the broad internet should be off by default, and be
switched on by the user who needs them.
Just as ntpd does not have a list of servers it uses by default, but I
guess people running ntp servers got burned by that one 20 years ago.

>

_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
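
The settings quoted in this thread (`restrict default noquery` or `restrict default ignore`, plus `disable monitor`) can be checked mechanically against an ntp.conf. This is an added example, not part of the original messages or of ntpd; the function name `audit_ntp_conf` and both sample configs are constructed, and it assumes a `restrict default` line without `-4`/`-6` covers both address families and that flags from repeated lines accumulate.

```python
# Added example: audit an ntp.conf for the settings quoted in the thread.
# Assumptions: a 'restrict default' line without -4/-6 covers both address
# families, and flags from repeated 'restrict default' lines accumulate.

# Constructed sample configs (not taken from the poster's server).
WEAK_CONF = """\
server 0.pool.ntp.org iburst
restrict 127.0.0.1
"""

HARDENED_CONF = """\
server 0.pool.ntp.org iburst
restrict default noquery    # refuse management queries from everyone
restrict 127.0.0.1          # localhost keeps full access
disable monitor
"""

def audit_ntp_conf(text):
    """Return a list of findings; an empty list means both checks pass."""
    default_flags = {"-4": set(), "-6": set()}
    monitor_disabled = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        if tokens[0] == "restrict":
            args = tokens[1:]
            families = ["-4", "-6"]
            if args and args[0] in families:    # family-specific line
                families, args = [args[0]], args[1:]
            if args and args[0] == "default":
                for fam in families:
                    default_flags[fam].update(args[1:])
        elif tokens[0] == "disable" and "monitor" in tokens[1:]:
            monitor_disabled = True
    findings = []
    for fam, flags in default_flags.items():
        if not flags & {"noquery", "ignore"}:
            findings.append(f"IPv{fam[1]}: restrict default lacks noquery or ignore")
    if not monitor_disabled:
        findings.append("'disable monitor' is missing")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "OK")
```

A config that restricts only one address family (for example `restrict -4 default ignore`) is still reported for the other family.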