[ntp:questions] better rate limiting against amplification attacks?
stenn at ntp.org
Fri Dec 27 20:34:28 UTC 2013
Greg Troxel writes:
> Content-Type: text/plain
> Harlan Stenn <stenn at ntp.org> writes:
> > Garrett Wollman writes:
> >> Unfortunately, I had to completely block NTP crossing our border
> >> (except for six authorized servers) as there are far too many NTP
> >> servers on our network with a default configuration that I have no
> >> direct administrative control over. It would be better if ntpd
> >> defaulted to a non-exploitable configuration.
> > I'll do what I can on this. It will require cooperation and
> > collaboration with various OS folks.
> To first order, the default OS and package policy is to respect the
> upstream package defaults, unless they are clearly broken. So ntpd
> should, when started up with no or a minimal config file, do the right
> thing. Distributing a config file with complicated things in it that
> does the right thing, but having the bare binary do the wrong thing, is
> not a good approach in practice, even though it's theoretically
> equivalent in some sense. (I'm not claiming this has been done - just
> sugggesting that an ntp.conf that says "peer server1\npeer server2"
> cause ntpd to behave reasonably.)
No default ntp.conf file has part of the stock distribution's
installation for as far back as I can remember.
If somebody starts ntpd without a conf file, ntpd will do nothing and if
somebody sends it any "tell me what you know" packets the response would
be quite minimal.
More information about the questions