On 27/12/13 10:24, Rob wrote:
What is the NTP developers position on implementation of better
rate limiting options in ntpd?
There are more and more amplification attacks against ntp servers,
similar to those against open DNS resolvers. A small packet sent
with a spoofed source address
Hi,
I understand that whenever the server sets the Leap Indicator flag to 11 [not
synchronized] the default behavior of ntp client is to reject the server time
stamp.
Is there any configuration option for ntpd by which I can make the ntp client
to trust the server even in this case?
--
Arjun
On 2014-01-15, David Woolley wrote:
On 27/12/13 10:24, Rob wrote:
There are more and more amplification attacks against ntp servers,
similar to those against open DNS resolvers. A small packet sent with
a spoofed source address (allowed by a lame ISP) results in a large
reply from ntpd,
On 14/01/2014 14:58, Sanal, Arjun (NSN - IN/Bangalore) wrote:
Hi,
I understand that whenever the server sets the Leap Indicator flag to 11 [not
synchronized] the default behavior of ntp client is to reject the server time
stamp.
Is there any configuration option for ntpd by which I can make
On 2014-01-15, Steve Kostecke koste...@ntp.org wrote:
On 2014-01-15, David Woolley wrote:
On 27/12/13 10:24, Rob wrote:
There are more and more amplification attacks against ntp servers,
similar to those against open DNS resolvers. A small packet sent with
a spoofed source address (allowed
William Unruh un...@invalid.ca wrote:
On 2014-01-15, Steve Kostecke koste...@ntp.org wrote:
On 2014-01-15, David Woolley wrote:
On 27/12/13 10:24, Rob wrote:
There are more and more amplification attacks against ntp servers,
similar to those against open DNS resolvers. A small packet sent
On 2014-01-15, Rob nom...@example.com wrote:
William Unruh un...@invalid.ca wrote:
On 2014-01-15, Steve Kostecke koste...@ntp.org wrote:
On 2014-01-15, David Woolley wrote:
CERT have just issued an alert about the monlist attack:
https://www.us-cert.gov/ncas/alerts/TA14-013A (TA14-013A:
On 14.01.2014 18:53, William Unruh wrote:
On 2014-01-14, Terje Mathisen terje.mathi...@tmsw.no wrote:
The entire NTP ensemble, from the current machine and up to all its
sources, constitute a distributed control loop, right?
This means that the stability and eventual precision of any given
On 2014-01-15, Rob nom...@example.com wrote:
William Unruh un...@invalid.ca wrote:
On 2014-01-15, Steve Kostecke koste...@ntp.org wrote:
On 2014-01-15, David Woolley wrote:
On 27/12/13 10:24, Rob wrote:
There are more and more amplification attacks against ntp servers,
similar to those
Rob writes:
The default config shipped with ntpd, usually mostly provided by the
distributor, is often terrible. (remember the LOCAL clock?)
Yes, because there is no default configuration in the distribution.
That is left to the vendor to provide, as they know more about their
client base
William Unruh un...@invalid.ca wrote:
On 2014-01-15, Rob nom...@example.com wrote:
William Unruh un...@invalid.ca wrote:
On 2014-01-15, Steve Kostecke koste...@ntp.org wrote:
On 2014-01-15, David Woolley wrote:
On 27/12/13 10:24, Rob wrote:
There are more and more amplification attacks
William Unruh writes:
Why does nptd not disable external monitoring or command by default.
That way if someone wants to allow it, they have to actively do so,
presumably knowing what they are doing.
Because there is clear value in the monitoring information being made
generally available.
We
On 2014-01-15, Harlan Stenn st...@ntp.org wrote:
Rob writes:
The default config shipped with ntpd, usually mostly provided by the
distributor, is often terrible. (remember the LOCAL clock?)
Yes, because there is no default configuration in the distribution.
That is left to the vendor to
On 2014-01-15, Rob nom...@example.com wrote:
William Unruh un...@invalid.ca wrote:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
That only becomes meaningful when ntpd starts to actually work without
Steve Kostecke koste...@ntp.org wrote:
On 2014-01-15, Rob nom...@example.com wrote:
William Unruh un...@invalid.ca wrote:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
That only becomes meaningful when
William Unruh writes:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
Then ntpd won't connect to anything and there will be no data to report.
--
Harlan Stenn st...@ntp.org
http://networktimefoundation.org -
On 2014-01-15, Harlan Stenn st...@ntp.org wrote:
William Unruh writes:
Why does nptd not disable external monitoring or command by default.
That way if someone wants to allow it, they have to actively do so,
presumably knowing what they are doing.
Because there is clear value in the
On 2014-01-15, Harlan Stenn st...@ntp.org wrote:
William Unruh writes:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
Then ntpd won't connect to anything and there will be no data to report.
That was why
Hal Murray hal-use...@ip-64-139-1-69.sjc.megapath.net wrote:
Try something like:
statsdir /var/log/ntp/
filegen protostats type day link
That will get you things like:
56672 78792.947 PPS(0) 8054 84 reachable
56672 80327.947 GPS_NMEA(0) 80a3 83 unreachable
56672 80391.944 GPS_NMEA(0)
[invalid William has been trimmed from the cc list]
Harlan Stenn st...@ntp.org writes:
William Unruh writes:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
Then ntpd won't connect to anything and there
On 1/15/2014 7:18 PM, Greg Troxel wrote:
[invalid William has been trimmed from the cc list]
Harlan Stenn st...@ntp.org writes:
William Unruh writes:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
Then
Brian Utterback brian.utterb...@oracle.com writes:
On 1/15/2014 7:18 PM, Greg Troxel wrote:
[invalid William has been trimmed from the cc list]
Harlan Stenn st...@ntp.org writes:
William Unruh writes:
I do not mean the default in the config file, I mean the default if
there is no config
Bill,
For me, your information/attitude ratio (similar to a sigal/noise
ratio) skews towards trolldom enough that I often just don't bother
responding to what you write.
I would have sent this privately but I have no idea what your real email
address is.
H
--
William Unruh writes:
On
Greg Troxel writes:
Harlan Stenn st...@ntp.org writes:
William Unruh writes:
I do not mean the default in the config file, I mean the default if
there is no config file or if nothing is set in the config file.
Then ntpd won't connect to anything and there will be no data to report.
On 14/01/2014 14:58, Sanal, Arjun (NSN - IN/Bangalore) wrote:
Hi,
I understand that whenever the server sets the Leap Indicator flag to 11
[not synchronized] the default behavior of ntp client is to reject the
server time stamp.
Is there any configuration option for ntpd by which I can
25 matches
Mail list logo