[ntp:questions] Public ntp-server and reflection-attacks

Jure Sah dustwolfy at gmail.com
Mon Dec 23 14:31:08 UTC 2013



Hi,

On 23. 12. 2013 15:13, Rob wrote:
> Jure Sah <dustwolfy at gmail.com> wrote:
>> Wouldn't noquery or nopeer also prevent your timeserver from
>> being used by other timeservers? Or at least limit usability?
> 
> Not really.  It limits the possibilities of debugging from remote 
> (e.g. to look what servers you are synced to), but it does not
> limit the use as a regular time server.

I would just like to understand this...

For noquery I understand, but for "nopeer"? The manual page states:
> Deny packets that might mobilize an association unless
> authenticated. This includes broadcast, symmetric-active and
> manycast server packets when a configured association does not
> exist. Note that this flag does not apply to packets that do not
> attempt to mobilize an association.

Doesn't this always happen when a new ntp server somewhere on the
internet chooses to use your NTP server as a peer?

Regards,
Jure
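
An added illustration, not part of the original message and not ntpd code: the sketch below reads the mode field from an NTP packet and names which of the two restrict flags discussed in this thread has that packet type in its described scope. It is a simplified model built from the manual text quoted in the message plus the standard NTP mode numbers; the function names and sample packets are constructed for the example.

```python
# Mode numbers from the NTP header; 6 and 7 are the control/private
# modes used by the ntpq and ntpdc query tools.
MODES = {1: "symmetric-active", 2: "symmetric-passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control (ntpq)", 7: "private (ntpdc)"}


def parse_header(packet: bytes):
    """Return (version, mode) from the first octet: LI(2) | VN(3) | Mode(3)."""
    if not packet:
        raise ValueError("empty packet")
    version, mode = (packet[0] >> 3) & 0x7, packet[0] & 0x7
    if mode not in MODES:
        raise ValueError("reserved mode 0")
    if mode <= 5 and len(packet) < 48:
        raise ValueError("time packet shorter than the 48-byte header")
    return version, mode


def flag_in_scope(packet: bytes, configured_association=False,
                  authenticated=False):
    """Name the restrict flag whose description covers this packet, or None.

    Assumption: this models the flag descriptions only, not ntpd's code path.
    Manycast server replies (mode 4) are left out because telling them from
    ordinary server replies needs state this sketch does not keep.
    """
    _, mode = parse_header(packet)
    if mode in (6, 7):
        # Remote queries: affected by noquery, unrelated to time service.
        return "noquery"
    if mode in (1, 5) and not configured_association and not authenticated:
        # Packets that would mobilize a new association on the receiver.
        return "nopeer"
    # Client requests (mode 3) do not try to mobilize an association.
    return None


# Constructed sample packets: first octet set, remainder zero-filled.
CLIENT_REQ = bytes([0x23]) + bytes(47)   # VN 4, mode 3
SYM_ACTIVE = bytes([0x21]) + bytes(47)   # VN 4, mode 1
BROADCAST = bytes([0x25]) + bytes(47)    # VN 4, mode 5
NTPQ_QUERY = bytes([0x16]) + bytes(11)   # VN 2, mode 6
NTPDC_QUERY = bytes([0x17]) + bytes(7)   # VN 2, mode 7

if __name__ == "__main__":
    for name in ("CLIENT_REQ", "SYM_ACTIVE", "BROADCAST", "NTPQ_QUERY", "NTPDC_QUERY"):
        print(f"{name:12} -> {flag_in_scope(globals()[name])}")
```
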


