NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
See NTPAccessPolicyDev for discussion of this topic.
5.1. NTP Access Policy
It was proposed on
news://comp.protocols.time.ntp to publish the access policy for ntp via ntp/tcp.
Since ntp (the time protocol) only uses ntp/udp, ntp/tcp is available as a reserved port number
for ntp.
It would be possible to publish both a machine readable version (in some standard format, to be determined) and a human readable version.
A simple solution is to use
inetd to offer a file on connection to ntp/tcp. Example line in inetd.conf:
ntp stream tcp nowait nobody /usr/libexec/tcpd /bin/cat /etc/ntp-access-policy.txt
The file
/etc/ntp-access-policy.txt would then contain the access policy.
--
KoosVanDenHout - 28 Aug 2003
Support Web
Copyright &© 1999-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback