[time] security issues with open port 123/udp?

Pablo Sanchez pablo
Tue Sep 28 16:20:27 UTC 2004


Hi,

I ran a pen Nessus test on my machine and it says the following:

::: report :::
It is possible to determine a lot of information about the remote host by
querying the NTP variables - these include OS descriptor and time settings.

<< a bunch of stuff about my machine including Linux version >>

Quickfix:  Set NTP to restrict default access to ignore all info packets:
restrict default ignore

Risk factor:  Low

::: end of report :::

As soon as I set 'restrict default ignore', I can no longer sync to the NTP
pool.

I tried the following to no avail:

restrict default ignore
restrict pool.ntp.org

Any pointers would be welcomed.

-pablo
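
Added example (not part of the original post or the Nessus report): a small Python check of ntp.conf `restrict` lines that separates the two effects described above, answering info queries and receiving time service. It relies on ntpd's documented flag meanings (`ignore` drops every packet, `noquery` refuses only ntpq/ntpdc queries); the sample configs, the function names, and the note that a hostname exception is resolved once when the file is loaded are assumptions of this example.

```python
import ipaddress

# Constructed sample configurations (not taken from the poster's machine).
AS_POSTED = "restrict default ignore\nrestrict pool.ntp.org\n"
QUERY_ONLY = "restrict default noquery nomodify notrap\nrestrict 127.0.0.1\n"

def parse_restrict(conf_text):
    """Return [(address, flags)] for every 'restrict' line, comments stripped."""
    rules = []
    for raw in conf_text.splitlines():
        tok = [t for t in raw.split("#", 1)[0].split() if t not in ("-4", "-6")]
        if len(tok) >= 2 and tok[0] == "restrict":
            flags = tok[2:]
            if flags[:1] == ["mask"]:        # skip 'mask <netmask>'
                flags = flags[2:]
            rules.append((tok[1], set(flags)))
    return rules

def is_hostname(addr):
    """True when the restrict target is a DNS name rather than an IP or 'default'."""
    if addr == "default":
        return False
    try:
        ipaddress.ip_address(addr)
        return False
    except ValueError:
        return True

def audit(conf_text):
    """Report what the default rule does to time service and to info queries."""
    rules = parse_restrict(conf_text)
    default = next((f for a, f in rules if a == "default"), None)
    return {
        # 'ignore' drops every packet, so replies from time servers never arrive
        "time_service_by_default": default is None or "ignore" not in default,
        # the variable queries Nessus reports are refused by 'ignore' or 'noquery'
        "info_queries_by_default": default is None or not (default & {"ignore", "noquery"}),
        # Assumption: a name is resolved once at load, so a rotating pool name
        # may not match the address of the server actually being used
        "hostname_exceptions": [a for a, _ in rules if is_hostname(a)],
    }

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("query-only", QUERY_ONLY)):
        print(name, audit(conf))
```
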


