[ntp:hackers] Sample ntp.conf config files

Hal Murray hmurray at megapathdsl.net
Mon Feb 17 09:12:42 UTC 2014


brian.utterback at oracle.com said:
> Since the post 4.2.7 daemon can't be spoofed into an amplification  attack,
> I hate to see noquery there by default. That will kill "ntpq -p"  and
> ntptrace. I just don't think that NTP servers should be black boxes.  I
> think that you have a right to know from whence your time is derived. 

Good point.  Thanks.

I'll revise my suggestion to include a comment about the DDoS mess (with 
URL?) and that this ntp.conf is not appropriate for versions less than 
4.2.7pxxx.

Should we add a config command to check for old versions?  Something like:
  require version > 4.2.7pxxx


-- 
These are my opinions.  I hate spam.





More information about the hackers mailing list