[169155] in North American Network Operators' Group
Re: OpenNTPProject.org
daemon@ATHENA.MIT.EDU (Pete Ashdown)
Mon Feb 17 02:24:11 2014
Date: Mon, 17 Feb 2014 00:23:43 -0700
From: Pete Ashdown <pashdown@xmission.com>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <5301760E.20009@gameservers.com>
On 2/16/14, 7:38 PM, Brian Rak wrote:
> Seriously, just fix your configuration. The part of NTP being abused
> is completely unrelated to actually synchronizing time. It's a
> management query, that has no real reason to be enabled remotely. You
> don't even need to resort to iptables for this, because NTPD has built-in
> rate limiting (which isn't enabled for management queries, but
> those are trivial to disable).
Thanks for the tip, monitoring is off. I was under the impression that
rate-limiting hadn't made it into a stable version of ntpd yet. Is that
incorrect?
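
An added example, not part of the original message or of the ntpd project: a small audit of `ntp.conf` text for the two settings commonly used to switch off remote management queries, `disable monitor` and `noquery` on every default `restrict` line. The function name and both sample configurations are constructed for illustration.

```python
def audit_ntp_conf(text):
    """Report whether an ntp.conf turns off monitoring and remote queries."""
    monitor_disabled = False      # ntpd enables the monitor facility by default
    default_restricts = []        # flag set of each "restrict default" line
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens:
            continue
        keyword, args = tokens[0].lower(), tokens[1:]
        if keyword in ("enable", "disable") and "monitor" in args:
            # The last enable/disable directive naming "monitor" wins.
            monitor_disabled = (keyword == "disable")
        elif keyword == "restrict":
            if args and args[0] in ("-4", "-6"):    # optional address family
                args = args[1:]
            if args and args[0] == "default":
                default_restricts.append(set(args[1:]))
    # With no default restrict line, ntpd answers queries from anyone.
    default_noquery = bool(default_restricts) and all(
        flags & {"noquery", "ignore"} for flags in default_restricts
    )
    return {"monitor_disabled": monitor_disabled,
            "default_noquery": default_noquery}


# Constructed sample: management queries still answered for remote hosts.
WEAK_CONF = """\
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
restrict default nomodify notrap
restrict 127.0.0.1
"""

# Constructed sample: monitoring off, queries refused by default.
HARDENED_CONF = """\
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
disable monitor                  # no monitor list to report
restrict -4 default nomodify notrap nopeer noquery
restrict -6 default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ntp_conf(conf))
```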