[ntp:questions] better rate limiting against amplification attacks?

Harlan Stenn stenn at ntp.org
Wed Jan 15 20:49:25 UTC 2014


William Unruh writes:
> Why does ntpd not disable external monitoring or command by default?
> That way if someone wants to allow it, they have to actively do so,
> presumably knowing what they are doing.

Because there is clear value in the monitoring information being made
generally available.

We provide a sufficiently robust mechanism to handle the various
options.

It's not our place to dictate the local policy choice of how the
mechanism is configured.

On the one hand we can change the default from "open" to "closed", and
then create a whole bunch of work for a lot of people to address that
policy change.  Some work should likely happen regardless - the issue
goes to "who and how many will have to do the work" for each choice.

http://en.wikipedia.org/wiki/The_Chicken_and_the_Pig

-- 
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!

