[ntp:questions] better rate limiting against amplification attacks?

Greg Troxel gdt at ir.bbn.com
Sat Dec 28 00:13:00 UTC 2013


Harlan Stenn <stenn at ntp.org> writes:

> No default ntp.conf file has part of the stock distribution's
> installation for as far back as I can remember.
>
> If somebody starts ntpd without a conf file, ntpd will do nothing and if
> somebody sends it any "tell me what you know" packets the response would
> be quite minimal.

Are you saying that a server (with the latest code) configured as

  server host1.example.com
  server host2.example.org
  server host3.example.net

and nothing else in the ntp.conf will behave under current guidelines
for best practices in terms of avoiding participating in DOS?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.ntp.org/pipermail/questions/attachments/20131227/abc47266/attachment.sig>


More information about the questions mailing list