[ntp:questions] better rate limiting against amplification attacks?

Martin Burnicki martin.burnicki at meinberg.de
Thu Jan 16 15:20:14 UTC 2014

Rob wrote:
> Martin Burnicki <martin.burnicki at meinberg.de> wrote:
>> I bet the "server" options for pool servers are in there because this
>> was used in earlier versions before the "pool" keyword was introduced,
>> and it still works.
>>> instead, and I'd have to look up when the 'pool' directive was put in
>>> there.
>> IIRC this is supported in 4.2.6, but has not been supported in 4.2.4p8
>> and earlier. If the ntp.conf file shipped with a particular OS has been
>> initially created a long time ago and always been updated for newer NTP
>> versions then I'm not surprised to see this.
> Sure.  When the ntp.conf would have been included in the ntpd distribution
> and would only have required small patches like including the distributor
> name in the config lines for pool servers, the distributor would have
> archived those as a local patch and any changes/updates in the ntp.conf
> would appear in the packaged versions as well.
> It is only because all the work of creating an ntp.conf has been placed
> on the distributor that those distributors do not update it for every
> change or feature in the program.  They don't have the resources to track
> all changes in all packages they distribute.

I completely understand and agree.

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the questions mailing list