[ntp:questions] better rate limiting against amplification attacks?

[Harlan Stenn]

Greg Troxel writes:
> Harlan Stenn <stenn at ntp.org> writes:
> 
> > No default ntp.conf file has part of the stock distribution's
> > installation for as far back as I can remember.
> >
> > If somebody starts ntpd without a conf file, ntpd will do nothing and if
> > somebody sends it any "tell me what you know" packets the response would
> > be quite minimal.
> 
> Are you saying that a server (with the latest code) configured as
> 
>   server host1.example.com
>   server host2.example.org
>   server host3.example.net
> 
> and nothing else in the ntp.conf will behave under current guidelines
> for best practices in terms of avoiding participating in DOS?

No, because that's not "without a conf file".

If you are going to create a config file that allows arbitrary hosts to
request query responses (which is, in general, a good thing) then that's
what you'll get.

I do want to discuss this and get a consensus for how to proceed.

I'm not sure how much we'll actually "win" by changing the default to:

 restrict default ... noquery ...

because people will just as easily create a new ntp.conf line that adds
overrides to either particular hosts/nets (which is good) or they may
just as easily remove the "restruct default noquery" and we're back in
the same place.

H