[Pool] DDoS Type Attack

Harlan Stenn stenn at ntp.org
Mon Feb 17 00:26:19 UTC 2014


Nyamul Hassan writes:
> >
> > > restrict default limited kod notrap nopeer
> >
> > Add noquery to the above list or your machines will allow DDoSing other
> > folks.
>
> Yes, we could.  But, some people on this list believe that "noquery" also
> restricts certain use cases, which as "Pool Servers" we should be able to
> accommodate.  What do you think?

Use noquery, unless you are running 4.2.7p26 or later.

If there are outside people who have a legitimate need to get the time
from your server they might have a legitimate need to query your ntpd
for information.  Otherwise you are just another site that can be abused
for the attacks.

H
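
Added example, not part of the original message: a small auditor that flags `restrict default` lines in an ntp.conf that lack `noquery`, applying the 4.2.7p26 threshold given in the reply above. The sample config, the function names and the handling of `ignore` and of a config with no default line are assumptions of this example.

```python
import re

# Threshold from the message: noquery is advised unless running this or later.
FIXED = (4, 2, 7, 26)

def parse_version(s):
    """Parse an ntpd version such as '4.2.6p5' or '4.2.8' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised ntpd version: {s!r}")
    return tuple(int(g or 0) for g in m.groups())

def default_restricts(conf_text):
    """Yield (line_number, flags) for every 'restrict default' line."""
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) < 2 or words[0] != "restrict":
            continue
        # 'restrict -4 default ...' and 'restrict -6 default ...' are defaults too
        rest = [w for w in words[1:] if w not in ("-4", "-6")]
        if rest and rest[0] == "default":
            yield n, set(rest[1:])

def audit(conf_text, version):
    """Return findings for default restrict lines that still answer queries."""
    if parse_version(version) >= FIXED:
        return []
    findings, seen = [], False
    for n, flags in default_restricts(conf_text):
        seen = True
        # 'ignore' denies all packets, queries included, so it also passes
        if not flags & {"noquery", "ignore"}:
            findings.append(f"line {n}: restrict default lacks noquery")
    if not seen:
        findings.append("no 'restrict default' line: queries are unrestricted")
    return findings

# Constructed sample config; the first line is the one quoted in the thread.
SAMPLE = """\
restrict default limited kod notrap nopeer
restrict -6 default limited kod notrap nopeer noquery
restrict 127.0.0.1
"""

if __name__ == "__main__":
    for v in ("4.2.6p5", "4.2.7p26"):
        print(v, audit(SAMPLE, v))
```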

