[Pool] DDoS Type Attack

Anssi Johansson timekeeper at miuku.net
Thu Feb 13 23:57:20 UTC 2014

Nyamul Hassan kirjoitti:
> Thank you for the quick response!
> We are currently using these base rules:
> restrict default limited kod notrap nopeer
> restrict
> ...
> disable monitor     ###  This was added recently
> We'll add the "noquery" as you suggested to the top line.  Would you 
> have any other suggestions for us?

You should be aware that combining "disable monitor" and "limited" may 
have some unexpected consequences. In particular, including "limited" 
will re-enable the monitor.

https://bugzilla.redhat.com/show_bug.cgi?id=1047854#c27 has some 
thoughts about the configuration options, which will possibly apply to 
you even if you're not using RHEL or a RH-derived distribution.

My configuration is currently "restrict default limited kod nomodify 
notrap nopeer noquery" and no mention of the "disable monitor" option in 
the config file. "noquery" will also disable the use of "ntpq -p 
servername" to list the NTP server's peers. This is an unfortunate side 
effect, but it does not affect the time queries from clients.

More information about the pool mailing list