[ntp:questions] better rate limiting against amplification attacks?

Steve Kostecke kostecke at ntp.org
Wed Jan 15 21:02:14 UTC 2014


On 2014-01-15, Rob <nomail at example.com> wrote:
> William Unruh <unruh at invalid.ca> wrote:
>>
>> I do not mean the default in the config file, I mean the default if
>> there is no config file or if nothing is set in the config file.
>
> That only becomes meaningful when ntpd starts to actually work without
> config file.  Of course that would be possible, but I don't think it
> is reality today.  Or is it, in the latest versions?

Both the current Production (i.e. stable) and the Development versions
of ntpd require a configuration file. Some may view this as a bug.
Others may view this as a feature.

>> I agree that distros could well put in something to undo that and that
>> they often do really stupid things (mainly because they do not
>> understand things).
>
> This problem would probably not exist when a good default config file
> was shipped by the maintainers.  Distro people don't have time on their
> hands ...

The same could be said about the NTP Reference Implementation
Developers; they're busy, too.

Anyone interested in reviewing the ./conf directory in the
distribution and contributing appropriate sample configuration files for
various ntpd use cases (e.g. server, leaf-node pool client, etc.) is
encouraged to do so.

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/



More information about the questions mailing list