Harlan Stenn <st...@ntp.org> wrote: > David Lord writes: >> I have "restrict -4 limited kod nomodify notrap nopeer noquery" >> >> I've not checked most recent docs but thought "limited" was >> needed for "kod". > > It is. > >> There were also some posts indicating that "kod" could be >> counter productive leading to self inflicted DOS. > > I'd love to learn more about this. I can only see this happening if one > has a seriously broken client.
You need to understand that the client is the attacker and that he can make his software as broken as he likes. So your server needs to be written and configured in such a way that even a broken client can not damage anything. "kod" is useless. it is not implemented in the majority of clients, and some broken clients react in a counter-productive way. The well-behaved client that implements kod does not need it. _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions