Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-12-23 Thread Steve Kostecke
On 2013-12-23, Jure Sah wrote: > On 23. 12. 2013 15:13, Rob wrote: > > For noquery I understand, but for "nopeer"? The manual page states: > >> Deny packets that might mobilize an association unless authenticated. >> This includes broadcast, symmetric-active and manycast server >> packets when a

Re: [ntp:questions] Bounce attack via pool server

2013-12-23 Thread Steve Kostecke
On 2013-12-23, Jure Sah wrote: > I am an administrator of a public NTP server joined to "pool.ntp.org". > Our server has recently been an unwilling party to a NTP UDP based > bounce attack and have received the report attached below. [snip] > I am using ntpd version 4.2.6p3. I have searched tro

Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-12-23 Thread Rob
Jure Sah wrote: > > Hi, > > On 23. 12. 2013 15:13, Rob wrote: >> Jure Sah wrote: >>> Wouldn't noquery or nopeer also prevent your timeserver from >>> being used by other timeservers? Or at least limit usability? >> >> Not really. It limits the possibilities of debugging from remote >> (e.g. to

Re: [ntp:questions] Bounce attack via pool server

2013-12-23 Thread David Lord
Jure Sah wrote: Hello, I am an administrator of a public NTP server joined to "pool.ntp.org". Our server has recently been an unwilling party to a NTP UDP based bounce attack and have received the report attached below. I would like to continue off

Re: [ntp:questions] Bounce attack via pool server

2013-12-23 Thread Jure Sah
Hi, On 23. 12. 2013 15:16, Rob wrote: > The sender of this report does not really have a clue. > > However, you should investigate if your server is or has been > running unsynchronized. If it is, it does not belong in the pool. > > If not, maybe i

Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-12-23 Thread Jure Sah
Hi, On 23. 12. 2013 15:13, Rob wrote: > Jure Sah wrote: >> Wouldn't noquery or nopeer also prevent your timeserver from >> being used by other timeservers? Or at least limit usability? > > Not really. It limits the possibilities of debugging from r

Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-12-23 Thread Rob
Jure Sah wrote: > Wouldn't noquery or nopeer also prevent your timeserver from being > used by other timeservers? Or at least limit usability? Not really. It limits the possibilities of debugging from remote (e.g. to look what servers you are synced to), but it does not limit the use as a regula

Re: [ntp:questions] Bounce attack via pool server

2013-12-23 Thread Rob
Jure Sah wrote: > > Hello, > > I am an administrator of a public NTP server joined to "pool.ntp.org". > Our server has recently been an unwilling party to a NTP UDP based > bounce attack and have received the report attached below. > > I would like to continue offering my server in the pool, but I

Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-12-23 Thread Jure Sah
Hello, On 21. 11. 2013 18:12, Michael Sinatra wrote: >> How can I disable this behavior of ntpd? > > There are several ways, but having a basic 'restrict' statement in > your config like this will help mitigate this attack: > > restrict default noqu

[ntp:questions] Bounce attack via pool server

2013-12-23 Thread Jure Sah
Hello, I am an administrator of a public NTP server joined to "pool.ntp.org". Our server has recently been an unwilling party to a NTP UDP based bounce attack and have received the report attached below. I would like to continue offering my server in