[ntp:questions] Public ntp-server and reflection-attacks
dustwolfy at gmail.com
Thu Dec 26 10:45:46 UTC 2013
On 23. 12. 2013 18:14, Rob wrote:
>> I would just like to understand this...
>> For noquery I understand, but for "nopeer"? The manual page
>>> Deny packets that might mobilize an association unless
>>> authenticated. This includes broadcast, symmetric-active and
>>> manycast server packets when a configured association does not
>>> exist. Note that this flag does not apply to packets that do
>>> not attempt to mobilize an association.
> A peer is a two-way server-server link. Not a client using your
> server, but a server that syncs time with you and vice-versa.
>> Doesn't this always happen when a new ntp server somewhere on
>> the internet chooses to use your NTP server as a peer?
> You don't want that. NTP servers that are peers should be only
> added upon mutual agreement. A normal client of the pool is only a
> client of your server, not a peer. (i.e. they sync time to you, but
> you don't get time sync from them)
So in other words, a lower-stratum NTP server which uses my NTP server
as its source of accurate time, is a client and not a peer?
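
How the two restrict flags discussed in this thread relate to the mode field in the first byte of an NTP packet, as an added example that is not part of the original message or of ntpd's own code. It is a simplified model of only `nopeer` and `noquery`; the function names and the sample packets are constructed for illustration.

```python
"""Simplified model of ntpd's `nopeer` and `noquery` restrict flags (added example)."""

# NTP mode numbers (low 3 bits of the first header byte).
MODE_NAMES = {
    1: "symmetric-active", 2: "symmetric-passive", 3: "client",
    4: "server", 5: "broadcast", 6: "control (ntpq)", 7: "private (ntpdc)",
}
# noquery covers ntpq/ntpdc queries only; time service is not affected.
QUERY_MODES = {6, 7}
# Per the manual text quoted above: symmetric-active, broadcast and
# manycast server (a mode 4 reply) packets can mobilize an association.
MOBILIZING_MODES = {1, 4, 5}


def ntp_mode(packet: bytes) -> int:
    """Return the mode field: first byte is LI (2 bits), VN (3 bits), Mode (3 bits)."""
    if not packet:
        raise ValueError("empty packet")
    return packet[0] & 0x07


def restrict_verdict(packet, flags, configured_association=False, authenticated=False):
    """Say whether a packet passes the nopeer/noquery checks (assumed model)."""
    mode = ntp_mode(packet)
    if mode in QUERY_MODES and "noquery" in flags:
        return "drop (noquery)"
    # nopeer only bites when the packet would create a NEW association and
    # is not authenticated; an ordinary client request (mode 3) never does.
    if (mode in MOBILIZING_MODES and "nopeer" in flags
            and not configured_association and not authenticated):
        return "drop (nopeer)"
    return "accept"


def sample(first_byte: int) -> bytes:
    """Constructed 48-byte packet: only the first byte is meaningful here."""
    return bytes([first_byte]) + bytes(47)


if __name__ == "__main__":
    flags = {"nopeer", "noquery"}
    # 0x23 client v4, 0x21 symmetric-active v4, 0x25 broadcast v4,
    # 0x16 control v2, 0x17 private v2 (all constructed samples)
    for first in (0x23, 0x21, 0x25, 0x16, 0x17):
        pkt = sample(first)
        print(MODE_NAMES[ntp_mode(pkt)], "->", restrict_verdict(pkt, flags))
```
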