[ntp:questions] problem with pool directive?

David Taylor david-taylor at blueyonder.co.uk.invalid
Tue Nov 11 16:32:18 UTC 2014


On 11/11/2014 15:57, Brian Inglis wrote:
> On 2014-11-11 04:07, David Taylor wrote:
[]
>> I have no restrict statements at all, but I'm not offering my NTP
>> servers for public use.
>
> Are you sure?
> Even if they are not being offered, does not mean they are not being used.
> Your systems are well documented, so folks could try using them as servers.
> Never seen any counts in the last columnn or six of sysstats?
>
> [Presume sysstats columns report the server's responses to incoming
> packets rather than other servers responses to its outgoing packets
> - this is unclear!]
>
> People spend a lot of time trolling the internet for unprotected systems
> and ports they can exploit for attacks.
>
> Please add the recommended restrict options to lock your systems up, and
> then the required options to open up to your sources, LAN(s), and hosts.

Brian,

As a Linux novice, I have to ask what are sysstats?  On Raspian, at 
least, I get command not found.

I have always found the restriction options very confusing, but given 
the lines to allow full access from 192.168.0.x, and no external 
incoming access, I would gladly add those lines in and see what the 
resulting problems might be with the pool command.  I'm only running 
IPv4 at the moment.  I can try on one system first, of course.

I don't know what my router would do with unsolicited packets on port 
123.  I have needed to set up explicit port forwarding for other uses.

Any help on this would be appreciated.

Thanks,
David
-- 
Web: http://www.satsignal.eu



More information about the questions mailing list