r6 - 2004-10-12 - 03:02:13 - SteveKosteckeYou are here: NTP >  Support Web > NTPAccessPolicy
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p8 was released on 02 June 2016. It addresses 1 high- and 4 low--severity security issues, 4 bugfixes, and contains other improvements over 4.2.8p7.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
REFACTOR See NTPAccessPolicyDev for discussion of this topic.

5.1. NTP Access Policy

It was proposed on news://comp.protocols.time.ntp to publish the access policy for ntp via ntp/tcp. Since ntp (the time protocol) only uses ntp/udp, ntp/tcp is available as a reserved port number for ntp.

It would be possible to publish both a machine readable version (in some standard format, to be determined) and a human readable version.

A simple solution is to use inetd to offer a file on connection to ntp/tcp. Example line in inetd.conf:

ntp  stream  tcp     nowait  nobody  /usr/libexec/tcpd       /bin/cat /etc/ntp-access-policy.txt

The file /etc/ntp-access-policy.txt would then contain the access policy.

-- KoosVanDenHout - 28 Aug 2003

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r6 < r5 < r4 < r3 < r2 | More topic actions
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2016 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback