SINGLESOCK - How much to strip away?
hmurray at megapathdsl.net
Sat Jun 2 06:28:13 UTC 2018
Richard Laager said:
> FWIW, for me, at least, the typical cases for daemons are:
> A) bind to localhost only (preferably at least ::1, else 127.0.0.1)
> B) bind to everything (with additional control happening in the kernel)
ntpd has 2 cases.
A) Client only - leaf node on the tree. (forest?)
B) Server - a non-leaf node
The key idea is that random servers don't initiate contact with leaf nodes so
they don't need a fixed port number. We could reduce the general exposure
for leaf nodes by not listening on port 123.
We might want to listen on ::1 so ntpq can talk to it, but that only works if
you can login to the machine to run ntpq. If you believe in snmp and our
wrapper works, then you don't need to login.
These are my opinions. I hate spam.
More information about the devel