r6 - 2004-11-03 - 04:52:03 - HarlanStennYou are here: NTP >  Support Web > StartingNTP4 > StartingNTP4Dev
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p10 was released on 21 March 2017. It addresses 6 medium- and 5 low-severity security issues, 4 informational security topics, 15 bugfixes, and contains other improvements over 4.2.8p9.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Development discussion for StartingNTP4


Should we clean out the old info here? It is available as diffs...
Should we have a sections for General, Unix, and Windows?

Use of burst

The StartingNTP4 article says "# Use iburst (or, if appropriate, burst) in the appropriate peer or server lines in your /etc/ntp.conf file."

I believe this needs a little more discussion. In particular, "appropriate" usage of burst needs to be defined. Since the use of burst appears to cause a client to send eight request packets to a server at each poll interval, it is far from clear under what circumstances the use of burst is justified. It certainly seems like a nasty thing to do to a public server.

-- RichardBGilbert - 16 Sep 2004


We mention this again in ConfiguringNTP and folks can search for "burst" in the Go/Search window.

Until somebody provides more information here, the only other place it is documented is in the official documentation tree.

I'm about to head off on a vacation - if nobody beats me to it I'll look for a link to this information in those pages and add it to ConfiguringNTP (unless Steve thinks it should go elsewhere).

-- HarlanStenn - 17 Sep 2004


Okay, I updated the page for StartingNTP4 to provide a bit more information about burst and iburst, and to link to the "confopt.html" page that describes their use. Is there anything more that needs to be done?

-- BradKnowles - 18 Sep 2004


Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r6 < r5 < r4 < r3 < r2 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback