[ntp:questions] "Trapping" in ntpd

Steve Kostecke kostecke at ntp.org
Wed Oct 3 21:05:18 UTC 2007


On 2007-10-03, Rob <pse at nospam.com> wrote:
> Steve wrote:
>
>> "A properly chosen default restriction will, in many circumstances, 
>> eliminate the need to clutter your ntp.conf file with redundant restrict
>> lines."
>
> ... some of the ntp.conf files that I have seen use "restrict default
> nomodify nopeer notrap"
>
> In my view, this is a sensible default restrict line.

Yes. It blocks functionality not strictly required for time service and
queries.

> It lets others do queries on your ntpd server but not set traps (which
> is probably only useful for debugging purposes and may increase load
> on your ntpd server significantly).

The only known trap client in existence is the ntptrap script in the
distribution.

The load from misconfigured clients (e.g. those that poll every second)
will _far_ outweigh any possible load caused by monitoring mode that is
probably totally unused.

> It also prevents others from doing run time modifications to your
> server. Another sensible restriction.

Remote modification is only possible under two circumstances:

1. You have deliberately disabled NTP authentication

2. You have configured symmetric keys in ntp.conf, generated the keys,
and distributed the keys.

nomodify blocks _all_ remote configuration, even when the user has the
correct key information.

> But if you wanted to really lock down your company's ntpd server on a
> corporate lan, one could use "restrict default nomodify nopeer noquery".

That is the most restrictive set of restrictions short of ignore.

> I suspect the noquery would also block traps.

There's little harm in specifying a redundant configuration option in
one place.

> I am not sure.  

Why don't you test it?

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
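The two `restrict default` lines discussed in this thread, written out as a complete ntp.conf fragment. This is an added example, not configuration from the original post or from the NTP distribution; the upstream server name `ntp.example.com` and the 192.0.2.0/24 LAN are placeholders chosen for illustration.

```conf
# Added example ntp.conf (placeholders, not from the thread).

# Variant A: public query access. Matches the "sensible default" quoted in
# the thread: remote hosts may query (ntpq/ntpdc read-only), but may not
# modify run-time state (nomodify), form a peer association (nopeer),
# or register a trap for asynchronous messages (notrap).
restrict default nomodify nopeer notrap

# Variant B: locked-down corporate LAN server. noquery additionally drops
# mode 6/7 control queries from everyone the line applies to, so ntpq
# from a remote host simply times out. Time service (mode 3/4) is
# unaffected. Use B *instead of* A; the later line would not override the
# earlier one for the same address mask, so pick one.
#restrict default nomodify nopeer noquery

# Always exempt the loopback addresses, otherwise "ntpq -p" on the server
# itself is blocked by noquery.
restrict 127.0.0.1
restrict ::1

# The upstream server must be allowed to answer, but nothing more.
# Placeholder host name.
server ntp.example.com iburst
restrict ntp.example.com nomodify nopeer notrap noquery

# Optionally let the corporate LAN (placeholder range) query even with
# variant B, since a more specific restrict line wins over "default".
#restrict 192.0.2.0 mask 255.255.255.0 nomodify nopeer notrap

# With nomodify in place, even a correctly configured symmetric key cannot
# be used for remote reconfiguration, which is the point made above.
keys /etc/ntp.keys
trustedkey 1
```

To answer the "I suspect noquery would also block traps" question the way the reply suggests, run `ntpq -c rv <server>` and `ntpq -p <server>` from a host covered by the `default` line: with variant A they return the variables and peer list, with variant B they time out, and since a trap is set through the same mode 6 control channel that noquery drops, `ntptrap` against the same server fails the same way. Restart ntpd after editing and check with the loopback exception that local `ntpq -p` still works.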