hmurray at megapathdsl.net
Tue Nov 5 03:52:35 UTC 2019
>> Was there any discussion in ntpsec-land about disabling mode 6
>> queries *by default?*
> Dunno, best to ask on devel at ntpsec.org
I don't remember any discussion like that.
There are at least 2 reasons to block/disable mode 6. The first is the DDoS
problem with the old monlist command. That command has been replaced with one
that needs a cookie so it won't respond to simple requests with a forged
The second is all the information you can get that might be useful for
planning an attack. "peers", for example, gives you a list of servers is
using in case you want to intercept them. "rv 0 system" will give you the
kernel version string which might narrow the search space if you are attacking
via some other path.
You can block mode 6 with restrictions. I think most distros added those back
in the days when ntpd was used for major DDoS attacks. I doubt if they have
These are my opinions. I hate spam.
More information about the devel