[ntp:questions] Meinberg Configuration Help

Magnus Danielson magnus at rubidium.dyndns.org
Sun Mar 2 22:17:29 UTC 2014


On 02/03/14 19:31, William Unruh wrote:
> On 2014-03-02, Brian Inglis <Brian.Inglis at SystematicSw.ab.ca> wrote:
>> On 2014-03-01 15:43, boostinbadger at gmail.com wrote:
>>> My NTP server is part of the pool project and appears to be running fine.  Comcast contacted me about a month ago to let me know that my NTP server was infected with a bot.  I checked and everything seems to be ok.  I re-enabled my server about a week ago and I received another phone call last week concerning security on my network.
>>> I contacted Ask and he said that it was not a bot but an issue with my server allowing management requests.  I asked Ask how to properly configure my Meinberg client to not allow management requests because I understand that they can be problematic.  I know the config for ntpd but I am not sure of the proper syntax for Meinberg.  Can someone provide me with that info?
>>
>> Banner on http://support.ntp.org links to
>> http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
>> and recommends restrict default noquery [and possibly other no... options]
>> or you could use restrict default ignore; also add disable monitor.
>
> And why those are not the default I will never know. They should never
> have been on by default-- the problem was obvious 15 years ago, if
> nothing else in giving an attacker knowledge about your system.
> Things which go out to the broad internet should be off by default, and be
> switched on by the user who needs them.
> Just as ntpd does not have a list of servers it uses by default, but I
> guess people running ntp servers got burned by that one 20 years ago.

There is a complete new generation of sys-admins since then.
"well known" among those so skilled in the art does not mean active 
knowledge amongst users. This might be a lesson to remember.

Cheers,
Magnus
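
The two settings recommended in the quoted reply (`restrict default noquery` or `restrict default ignore`, plus `disable monitor`) can be checked mechanically in an ntp.conf. The following is an added example, not part of the original thread or of any NTP distribution; the function name `audit_ntp_conf` and both sample configurations are constructed for illustration.

```python
# Constructed sample configurations (not taken from the thread).
WEAK_CONF = """\
server 0.pool.ntp.org iburst
restrict default nomodify notrap   # management queries still answered
restrict 127.0.0.1
"""

HARDENED_CONF = """\
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
disable monitor
"""


def audit_ntp_conf(text):
    """Return findings for the settings recommended in the thread."""
    findings = []
    default_lines = 0
    # Assumption: the monitor facility is on unless the config disables it,
    # which is why the thread advises adding 'disable monitor'.
    monitor_enabled = True
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        keyword, args = tokens[0].lower(), tokens[1:]
        if keyword == "restrict":
            if args and args[0] in ("-4", "-6"):  # optional address-family flag
                args = args[1:]
            if args and args[0] == "default":
                default_lines += 1
                flags = {a.lower() for a in args[1:]}
                if not flags & {"noquery", "ignore"}:
                    findings.append(
                        f"line {lineno}: restrict default lacks noquery/ignore")
        elif keyword in ("enable", "disable"):
            if "monitor" in (a.lower() for a in args):
                monitor_enabled = keyword == "enable"  # last directive wins here
    if default_lines == 0:
        findings.append("no 'restrict default' line: queries are unrestricted")
    if monitor_enabled:
        findings.append("monitor facility enabled: add 'disable monitor'")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf) or "OK")
```

An address-specific line such as `restrict 127.0.0.1` is deliberately not flagged, so local management queries can stay enabled while the default rule blocks them from the broad internet.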


