[ntp:questions] better rate limiting against amplification attacks?
martin.burnicki at meinberg.de
Thu Jan 16 15:20:14 UTC 2014
> Martin Burnicki <martin.burnicki at meinberg.de> wrote:
>> I bet the "server" options for pool servers are in there because this
>> was used in earlier versions before the "pool" keyword was introduced,
>> and it still works.
>>> instead, and I'd have to look up when the 'pool' directive was put in
>> IIRC this is supported in 4.2.6, but has not been supported in 4.2.4p8
>> and earlier. If the ntp.conf file shipped with a particular OS has been
>> initially created a long time ago and always been updated for newer NTP
>> versions then I'm not surprised to see this.
> Sure. When the ntp.conf would have been included in the ntpd distribution
> and would only have required small patches like including the distributor
> name in the config lines for pool servers, the distributor would have
> archived those as a local patch and any changes/updates in the ntp.conf
> would appear in the packaged versions as well.
> It is only because all the work of creating an ntp.conf has been placed
> on the distributor that those distributors do not update it for every
> change or feature in the program. They don't have the resources to track
> all changes in all packages they distribute.
I completely understand and agree.
More information about the questions