[Pool] DDoS Type Attack
timekeeper at miuku.net
Thu Feb 13 23:57:20 UTC 2014
Nyamul Hassan wrote:
> Thank you for the quick response!
> We are currently using these base rules:
> restrict default limited kod notrap nopeer
> restrict 127.0.0.1
> disable monitor ### This was added recently
> We'll add the "noquery" as you suggested to the top line. Would you
> have any other suggestions for us?
You should be aware that combining "disable monitor" and "limited" may
have some unexpected consequences. In particular, including "limited"
will re-enable the monitor.
https://bugzilla.redhat.com/show_bug.cgi?id=1047854#c27 has some
thoughts about the configuration options, which will possibly apply to
you even if you're not using RHEL or a RH-derived distribution.
My configuration is currently "restrict default limited kod nomodify
notrap nopeer noquery" and no mention of the "disable monitor" option in
the config file. "noquery" will also disable the use of "ntpq -p
servername" to list the NTP server's peers. This is an unfortunate side
effect, but it does not affect the time queries from clients.
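
An added example, not part of the original message and not code from ntpd: a small Python check that audits ntp.conf text for the two points raised in this message, the flags on the `restrict default` line and `disable monitor` used together with `limited`. The function name, the recommended flag set (copied from the configuration quoted in the reply) and both sample inputs are assumptions constructed for illustration.

```python
# Flag set taken from the "restrict default" line quoted in the reply above.
RECOMMENDED = {"limited", "kod", "nomodify", "notrap", "nopeer", "noquery"}

def audit_ntp_conf(text):
    """Return a list of findings (strings) for ntp.conf content."""
    default_flag_sets = []   # one set per "restrict default" line
    any_limited = False
    disable_monitor = False
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0] == "restrict":
            # "-4" / "-6" only select the address family of the rule
            args = [w for w in words[1:] if w not in ("-4", "-6")]
            if "limited" in args[1:]:
                any_limited = True
            if args and args[0] == "default":
                default_flag_sets.append(set(args[1:]))
        elif words[0] == "disable" and "monitor" in words[1:]:
            disable_monitor = True

    findings = []
    if not default_flag_sets:
        findings.append("no 'restrict default' line found")
    for flags in default_flag_sets:
        missing = sorted(RECOMMENDED - flags)
        if missing:
            findings.append("restrict default is missing: " + ", ".join(missing))
    if disable_monitor and any_limited:
        # Per the reply: "limited" re-enables the monitor.
        findings.append("'disable monitor' is set together with 'limited'")
    return findings

# Constructed sample: the rules quoted from the original poster.
POSTED_CONFIG = """\
restrict default limited kod notrap nopeer
restrict 127.0.0.1
disable monitor ### This was added recently
"""

# Constructed sample: the configuration described in the reply.
REPLY_CONFIG = """\
restrict default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

if __name__ == "__main__":
    for finding in audit_ntp_conf(POSTED_CONFIG):
        print(finding)
```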