[ntp:questions] better rate limiting against amplification attacks?

Harlan Stenn stenn at ntp.org
Fri Dec 27 20:34:28 UTC 2013

Greg Troxel writes:
> Harlan Stenn <stenn at ntp.org> writes:
> > Garrett Wollman writes:
> >> Unfortunately, I had to completely block NTP crossing our border
> >> (except for six authorized servers) as there are far too many NTP
> >> servers on our network with a default configuration that I have no
> >> direct administrative control over.  It would be better if ntpd
> >> defaulted to a non-exploitable configuration.
> >
> > I'll do what I can on this.  It will require cooperation and
> > collaboration with various OS folks.
> To first order, the default OS and package policy is to respect the
> upstream package defaults, unless they are clearly broken.  So ntpd
> should, when started up with no or a minimal config file, do the right
> thing.  Distributing a config file with complicated things in it that
> does the right thing, but having the bare binary do the wrong thing, is
> not a good approach in practice, even though it's theoretically
> equivalent in some sense.  (I'm not claiming this has been done - just
> suggesting that an ntp.conf that says "peer server1\npeer server2"
> cause ntpd to behave reasonably.)

No default ntp.conf file has been part of the stock distribution's
installation for as far back as I can remember.

If somebody starts ntpd without a conf file, ntpd will do nothing, and if
somebody sends it any "tell me what you know" packets the response would
be quite minimal.

