NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

• Server list entry maintainer:
  • Set ALLOWTOPICCHANGE = HaukeLampe

• Autokey available (experimental)
  • Autokey authentication provides you with digitally signed timestamps from the NTP server
  • Configure your system for IFF identity scheme (see Configuring Autokey)
  • Download this server's current IFF parameter file from https://www.hauke-lampe.de/ntp/ntpkey_iffpar_ntp2.hauke-lampe.de
    • PGP signature: https://www.hauke-lampe.de/ntp/ntpkey_iffpar_ntp2.hauke-lampe.de.sig
    • download PGP key 0xD95F1C53 or use the DNS CERT record at lampe.hauke-lampe.de
    • Fingerprint: 9FA9 5C97 BD6C CC99 C697  147C 2888 001B D95F 1C53
  • Users of ntpd versions before 4.2.5 should save the file as "ntpkey_iff_ntp2.hauke-lampe.de"
  • Enable autokey with the "autokey" option and "notrust" restriction:
    server ntp2.hauke-lampe.de autokey iburst
restrict ntp2.hauke-lampe.de nomodify notrap notrust ntpport
    
  • Key rotation interval not yet defined
  • Use DNSSEC+DLV to resolve the server names. It works!