Changing the access defaults
hmurray at megapathdsl.net
Fri Oct 7 02:09:08 UTC 2016
esr at thyrsus.com said:
> Out of the box, ntpd ships with anyone on the net able to do anything on the
> to your server - query it, KOD it, peer with it, modify its configuration
> with ntpq, etc.
It makes sense to let people query your server by default. (but see below)
I think the peer stuff needs a password by default. There is a way to
disable that. I'll look it up if you can't find it.
It takes a password to modify the config and such. There is something
similar to "trusted" that tells it which password(s?) is/are valid to use for
The real reason for all the restrict stuff was ntpd was used to DDoS other
systems. Really old systems made great amplifiers. I think the current code
is OK. It's UDP, so you can use it to redirect attacks, but I don't think a
default no-restrict system can do much amplification.
It might make sense for the default configuration to not answer any
unsolicited packets. That would prevent any use as a DDoS redirector and
would work fine on most client-only setups at the cost of making things
harder to monitor and debug.
> 2. We could drop that boilerplate from the configs we ship. That's a good
> thing, it means less to explain in our HOWTOs and less detail for newbies to
> be confused by.
No, you still have to explain that stuff. You are just explaining different
things to different people.
The default config would have to have a commented out restrict line that
turned it back into a server and a comment saying uncomment the next line if
you want this system to be a server.
These are my opinions. I hate spam.
More information about the devel