[Pool] DDoS Type Attack
stenn at ntp.org
Mon Feb 17 00:26:19 UTC 2014
Nyamul Hassan writes:
> Content-Type: text/plain; charset=UTF-8
> > > restrict default limited kod notrap nopeer
> > Add noquery to the above list or your machines will allow DDoSing other
> > folks.
> Yes, we could. But, some people on this list believe that "noquery" also
> restricts certain use cases, which as "Pool Servers" we should be able to
> accommodate. What do you think?
Use noquery, unless you are running 4.2.7p26 or later.
If there are outside people who have a legitimate need to get the time
from your server they might have a legitimate need to query your ntpd
for information. Otherwise you are just another site that can be abused
for the attacks.
More information about the pool