[ntp:questions] Public ntp-server and reflection-attacks
dustwolfy at gmail.com
Mon Dec 23 14:31:08 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 23. 12. 2013 15:13, Rob wrote:
> Jure Sah <dustwolfy at gmail.com> wrote:
>> Wouldn't noquery or nopeer also prevent your timeserver from
>> being used by other timeservers? Or at least limit usability?
> Not really. It limits the possibilities of debugging from remote
> (e.g. to look what servers you are synced to), but it does not
> limit the use as a regular time server.
I would just like to understand this...
For noquery I understand, but for "nopeer"? The manual page states:
> Deny packets that might mobilize an association unless
> authenticated. This includes broadcast, symmetric-active and
> manycast server packets when a configured association does not
> exist. Note that this flag does not apply to packets that do not
> attempt to mobilize an association.
Doesn't this always happen when a new ntp server somewhere on the
internet chooses to use your NTP server as a peer?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the questions