Public bug reported: The "restrict" row comments of the default /etc/ntp.conf configuration file should more explicity warn(!) against the dropping on "noquery" or similar options, because their removal might cause the server to become vulenrable to (become a party in) DoS attacks.
Many admins have mistakenly removed the block, thinking they have either enabled the server to be queried from the subnet in question or made it more usable by doing so. This resulted in a number of reflection attacks via NTP we have been seeing in the past few days. ** Affects: ntp (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1263703 Title: Warn on noquery in ntp.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1263703/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs