[ntp:questions] better rate limiting against amplification attacks?

Harlan Stenn stenn at ntp.org
Fri Dec 27 20:34:28 UTC 2013


Greg Troxel writes:
> --=-=-=
> Content-Type: text/plain
> 
> 
> Harlan Stenn <stenn at ntp.org> writes:
> 
> > Garrett Wollman writes:
> >> Unfortunately, I had to completely block NTP crossing our border
> >> (except for six authorized servers) as there are far too many NTP
> >> servers on our network with a default configuration that I have no
> >> direct administrative control over.  It would be better if ntpd
> >> defaulted to a non-exploitable configuration.
> >
> > I'll do what I can on this.  It will require cooperation and
> > collaboration with various OS folks.
> 
> To first order, the default OS and package policy is to respect the
> upstream package defaults, unless they are clearly broken.  So ntpd
> should, when started up with no or a minimal config file, do the right
> thing.  Distributing a config file with complicated things in it that
> does the right thing, but having the bare binary do the wrong thing, is
> not a good approach in practice, even though it's theoretically
> equivalent in some sense.  (I'm not claiming this has been done - just
> sugggesting that an ntp.conf that says "peer server1\npeer server2"
> cause ntpd to behave reasonably.)

No default ntp.conf file has part of the stock distribution's
installation for as far back as I can remember.

If somebody starts ntpd without a conf file, ntpd will do nothing and if
somebody sends it any "tell me what you know" packets the response would
be quite minimal.

H


More information about the questions mailing list