[ntp:questions] Unauthorized remote server configuration
Steve Kostecke
kostecke at ntp.org
Sun Jul 6 02:14:28 UTC 2008
On 2008-07-05, Bob <bobsjunkmail at bellsouth.net> wrote:
> It's happened again. I disabled auth last night after my previous post, and
> let it run overnight with Wireshark capturing I've now got two IP addresses
> listed as peers that I did not add. They are listed as "sym_passive". I see
> requests from these sites listed as "mode 1" in monlist.
This is the first time I've been able to understand what you're going on
about.
There is a very simple solution here. You need to be using the nopeer
restriction on your default restrict line.
I highly suggest that you review
http://support.ntp.org/Support/AccessRestrictions to learn about setting
a proper default restriction.
Here's a good paranoid default restriction which allows only time
service to everyone, but blocks symmtric_passive peers, and allow more
access for the localhost:
restrict default nomodify nopeer notrap noquery
restrict 127.0.0.1
--
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
More information about the questions
mailing list