[ntp:questions] Meinberg Configuration Help

William Unruh unruh at invalid.ca
Sun Mar 2 18:31:35 UTC 2014


On 2014-03-02, Brian Inglis <Brian.Inglis at SystematicSw.ab.ca> wrote:
> On 2014-03-01 15:43, boostinbadger at gmail.com wrote:
>> My NTP server is part of the pool project and appears to be running fine.  Comcast contacted me about a month ago to let me know that my NTP server was infected with a bot.  I checked and everything seems to be ok.  I re-enabled my server about a week ago and I received another phone call last week concerning security on my network.
>> I contacted Ask and he said that it was not a bot but an issue with my server allowing management requests.  I asked Ask how to properly configure my Meinberg client to not allow management requests because I understand that they can be problematic.  I know the config for ntpd but I am not sure of the proper syntax for Meinberg.  Can someone provide me with that info?
>
> Banner on http://support.ntp.org links to
> http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
> and recommends restrict default noquery [and possibly other no... options]
> or you could use restrict default ignore; also add disable monitor.

And why those are not the default I will never know. They should never
have been on by default-- the problem was obvous 15 years ago, if
nothing else in giving an attacker knowledge about your system. 
Things which go out to the  broad internet should be off by default, and be
switched on by the user who needs them. 
Just as ntpd does not have a list of servers it uses by default, but I
guess people running ntp servers got burned by that one 20 years ago.

>



More information about the questions mailing list