NTP users are strongly urged to take immediate action to ensure that their NTP daemon is not susceptible to use in a reflected denial-of-service (DRDoS) attack. Please see the NTP Security Notice
for vulnerability and mitigation details, and the Network Time Foundation Blog
for more information. (January 2014) See NTPAccessPolicyDev for discussion of this topic.
5.1. NTP Access Policy
It was proposed on news://comp.protocols.time.ntp
to publish the access policy for ntp via ntp/tcp.
Since ntp (the time protocol) only uses ntp/udp, ntp/tcp is available as a reserved port number
It would be possible to publish both a machine readable version (in some standard format, to be determined) and a human readable version.
A simple solution is to use
to offer a file on connection to ntp/tcp. Example line in inetd.conf:
ntp stream tcp nowait nobody /usr/libexec/tcpd /bin/cat /etc/ntp-access-policy.txt
would then contain the access policy.
- 28 Aug 2003