NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to use in a distributed denial-of-service (DDoS) attack. Please also take this opportunity to defeat denial-of-service attacks by implementing ingress and Egress filtering through BCP38.
The final two security bugs reported by Google's Security Team have been fixed as of ntp-4.2.8p1.
A new set of mode 6 vulnerabilities has been discovered and, while these vulnerabilities can be reduced by making sure you have
restrict default … noqueryin your
ntp.conffile, the best and most complete way to avoid these vulnerabilities is to install and deploy
ntp-4.2.8p1which was released on 04 February 2015.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
|ServerStratum||select||1||StratumTwo, StratumOne, Inactive||The stratum this time server normally operates at|
|CountryCode||text||6||2 letter alphanumeric ISO Country Code not the telephone code or post code||M|
|Hostname||text||48||The fully qualified host name of this time server||M|
|IP Address||text||32||The IPv4 address of the time server||M|
|IPv6 Address||text||32||The IPv6 address of this time server|
|UseDNS||radio||1||Yes, No||Use DNS instead of hostname|
|PoolMember||radio||1||No, Yes||Include this server in pool.ntp.org lists?|
|ServerLocation||text||48||The City/State/Province where this server is located||M|
|HostOrganization||text||48||The name of the organization hosting, sponsoring, or operating this time server|
|GeographicCoordinates||text||48||The geographic coordinates of this time server|
|ServerSynchronization||text||48||Server synchronization (e.g. type of ref-clock)|
|ServiceArea||text||48||Enter your service area||M|
|AccessPolicy||select||1||OpenAccess, RestrictedAccess, ClosedAccess||Select your access policy|
|AccessDetails||text||48||Enter your access policy details|
|NotificationMessage||radio||1||Yes, No||Send notification message?|
|AutoKey||radio||1||No, Yes||Does this server support Autokey authentication?|
|AutoKeyURL||text||48||Where to obtain the client key|
|SymmetricKey||radio||1||No, Yes||Is Symmetric Key authentication supported by this server?|
|SymmetricKeyType||checkbox||2||DES, MD5||Types of Symmetric Keys available|
|SymmetricKeyURL||text||48||Where to obtain information about Symmetric Key authentication|
|ServerContact||text||48||The e-mail address for contacting the time server operator||M|