[ntp:questions] better rate limiting against amplification attacks?

Miroslav Lichvar mlichvar at redhat.com
Thu Jan 16 14:14:36 UTC 2014

On Thu, Jan 16, 2014 at 02:28:32PM +0100, Martin Burnicki wrote:
> Harlan Stenn wrote:
> >  pool 0.debian.pool.ntp.org iburst
> I bet the "server" options for pool servers are in there because
> this was used in earlier versions before the "pool" keyword was
> introduced, and it still works.
> > instead, and I'd have to look up when the 'pool' directive was put in
> > there.
> IIRC this is supported in 4.2.6, but has not been supported in
> 4.2.4p8 and earlier. If the ntp.conf file shipped with a particular
> OS has been initially created a long time ago and always been
> updated for newer NTP versions then I'm not surprised to see this.

IIRC the pool command in 4.2.6 uses quite a lot of servers, which
probably is not an acceptable use of pool.ntp.org. I think it was
improved later in 4.2.7. The page about recommended configuration
doesn't mention it yet.


Vendors should be careful with the pool command.

Miroslav Lichvar
