[ntp:questions] better rate limiting against amplification attacks?

Harlan Stenn stenn at ntp.org
Thu Jan 16 04:30:32 UTC 2014

Greg Troxel writes:
> Harlan Stenn <stenn at ntp.org> writes:
> > William Unruh writes:
> >> I do not mean the default in the config file, I mean the default if
> >> there is no config file or if nothing is set in the config file.
> >
> > Then ntpd won't connect to anything and there will be no data to report.
>
> This is a ridiculous strawman.  The ntp project is abdicating its
> responsibility to provide sane default behavior by claiming that no
> default behavior can make everyone happy and therefore it's not their
> fault.  The notion that OS packagers somehow have a better idea of usage
> is also specious.

We do supply some sample config files in the conf/ directory.

I don't know that anybody is really happy about them.

I am disinclined to distribute files like that because they "stick
around" for far too long.

I would much rather see an online config file generator, especially one
that can take some core "state information" and generate a new config
file that implements BCP.

I'll also point out that it seems to me that there's a lot of bitching
about the current situation, and Steve and I (and others) have pointed
out that this is a volunteer effort, and in the past there has been no
way for folks who want to contribute $ to do so.  Now that Network Time
Foundation exists, there *is* a vehicle that can accept funding and pay
for improvements for Network Time.

So please complain as much as you want.  Please volunteer as much as you
want.  Please financially support Network Time as much as you want.  I
also invite folks to pay attention to what they want to "get", and see
how what they are and are not doing correlates to what they are and are
not getting.
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!
