[ntp:questions] better rate limiting against amplification attacks?

E-Mail Sent to this address will be added to the BlackLists Null at BlackList.Anitech-Systems.invalid
Fri Jan 17 06:52:44 UTC 2014


Greg Troxel wrote:
> Really, ntpd should, when run with a config file of only
>
>   server 0.pool.ntp.org
>   server 1.pool.ntp.org
>   server 2.pool.ntp.org

# IMHO, More like:
restrict -4 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict ::1
restrict 224.0.1.1 mask 255.255.255.255 nomodify
restrict source nomodify
pool pool.ntp.org iburst preempt


-- 
E-Mail Sent to this address <BlackList at Anitech-Systems.com>
  will be added to the BlackLists.



More information about the questions mailing list