[ntp:questions] better rate limiting against amplification attacks?
Martin Burnicki
martin.burnicki at meinberg.de
Thu Jan 16 15:20:14 UTC 2014
Rob wrote:
> Martin Burnicki <martin.burnicki at meinberg.de> wrote:
>> I bet the "server" options for pool servers are in there because this
>> was used in earlier versions before the "pool" keyword was introduced,
>> and it still works.
>>
>>> instead, and I'd have to look up when the 'pool' directive was put in
>>> there.
>>
>> IIRC this is supported in 4.2.6, but has not been supported in 4.2.4p8
>> and earlier. If the ntp.conf file shipped with a particular OS has been
>> initially created a long time ago and always been updated for newer NTP
>> versions then I'm not surprised to see this.
>
> Sure. When the ntp.conf would have been included in the ntpd distribution
> and would only have required small patches like including the distributor
> name in the config lines for pool servers, the distributor would have
> archived those as a local patch and any changes/updates in the ntp.conf
> would appear in the packaged versions as well.
>
> It is only because all the work of creating an ntp.conf has been placed
> on the distributor that those distributors do not update it for every
> change or feature in the program. They don't have the resources to track
> all changes in all packages they distribute.
I completely understand and agree.
Martin
--
Martin Burnicki
Meinberg Funkuhren
Bad Pyrmont
Germany
More information about the questions
mailing list