I know it's a long time, but I'm cleaning up old NTP bugs atm.
While it is true that the comments could (have been) be more explicit
the risk of being part of a DRDoS attach has been fixed upstream. See
http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.3.
Recent releases have these versions (or newer), therefore setting fix
released.
** Changed in: ntp (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1263703
Title:
Warn on noquery in ntp.conf
Status in ntp package in Ubuntu:
Fix Released
Bug description:
The "restrict" row comments of the default /etc/ntp.conf configuration
file should more explicity warn(!) against the dropping on "noquery"
or similar options, because their removal might cause the server to
become vulenrable to (become a party in) DoS attacks.
Many admins have mistakenly removed the block, thinking they have
either enabled the server to be queried from the subnet in question or
made it more usable by doing so. This resulted in a number of
reflection attacks via NTP we have been seeing in the past few days.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1263703/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
