[ntp:questions] better rate limiting against amplification attacks?
brian.utterback at oracle.com
Thu Jan 16 22:17:20 UTC 2014
On 1/16/2014 3:45 PM, Steve Kostecke wrote:
> On 2014-01-16, Greg Troxel <gdt at ir.bbn.com> wrote:
>> Harlan Stenn <stenn at ntp.org> writes:
> The majority use case for ntpd is to synchronize your clock to UTC (i.e.
> a leaf-node client). So an ntpd ought to have the following defaults:
> driftfile /path/to/ntp.drift
> pool pool.ntp.org iburst
> restrict -4 default kod notrap nomodify nopeer noquery
> restrict -6 default kod notrap nomodify nopeer noquery
> restrict 127.0.0.1
> restrict ::1
> This would enable the majority use case without the need for a
> configuration file.
I just tried that with 4.2.7p381 and it failed to get any servers. I added:
and it still failed. I commented out the first two restrict lines and
then it worked.
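
An added example, not part of the original message: ntpd's access-control documentation notes that `nopeer` on the default restriction also refuses associations mobilized by a `pool` directive, unless a `restrict source` line without `nopeer` is present. The check below flags that combination in a config file; the function names and the `restrict source` sample line are this example's own, and `QUOTED_CONF` is the configuration quoted above.

```python
# Added example: lint an ntp.conf for the pool / nopeer interaction.

QUOTED_CONF = """\
driftfile /path/to/ntp.drift
pool pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

# Constructed variant: same file plus a `restrict source` line without nopeer.
WITH_SOURCE = QUOTED_CONF + "restrict source notrap nomodify noquery\n"


def directives(conf_text):
    """Yield the token list of every non-empty, non-comment line."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens


def pool_blocked_families(conf_text):
    """Return the families ('-4', '-6') whose default restriction would
    refuse pool associations; empty list if the config is fine."""
    uses_pool = False
    source_allows = False
    nopeer_default = set()
    for tokens in directives(conf_text):
        if tokens[0] == "pool":
            uses_pool = True
        if tokens[0] != "restrict" or len(tokens) < 2:
            continue
        args = tokens[1:]
        families = {"-4", "-6"}
        if args[0] in families:
            families, args = {args[0]}, args[1:]
        if not args:
            continue
        target, flags = args[0], args[1:]
        if target == "default":
            # A later default line for the same family replaces the earlier one.
            nopeer_default -= families
            if "nopeer" in flags:
                nopeer_default |= families
        elif target == "source" and "nopeer" not in flags:
            source_allows = True
    if not uses_pool or source_allows:
        return []
    return sorted(nopeer_default)
```
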