[ntp:questions] problem with pool directive?

Brian Inglis Brian.Inglis at SystematicSw.ab.ca
Tue Nov 11 15:57:03 UTC 2014


On 2014-11-11 04:07, David Taylor wrote:
> On 11/11/2014 10:42, Harlan Stenn wrote:
>> David Taylor writes:
>>> On 10/11/2014 23:40, Harlan Stenn wrote:
>>>> You need 'restrict source ...' to allow pool connections.
>>> "pool" works here without needing any "restrict" statements.
>> Do you use "restrict default ... nopeer ... ?
> I have no restrict statements at all, but I'm not offering my NTP servers for public use.

Are you sure?
Even if they are not being offered, does not mean they are not being used.
Your systems are well documented, so folks could try using them as servers.
Never seen any counts in the last columnn or six of sysstats?

[Presume sysstats columns report the server's responses to incoming
packets rather than other servers responses to its outgoing packets
- this is unclear!]

People spend a lot of time trolling the internet for unprotected systems
and ports they can exploit for attacks.

Please add the recommended restrict options to lock your systems up, and
then the required options to open up to your sources, LAN(s), and hosts.
-- 
Take care. Thanks, Brian Inglis


More information about the questions mailing list