Re: ntpdc doesn't work as expect

To: martin%duskware.de@localhost
Subject: Re: ntpdc doesn't work as expect
From: Havard Eidnes <he%uninett.no@localhost>
Date: Tue, 04 Aug 2015 22:18:55 +0200 (CEST)

> On Tue, Aug 04, 2015 at 08:06:03PM +0700, Pongthep Kulkrisada wrote:
>> I found that ntpdc doesn't work, while ntpq works pretty fine.
> 
> This is the effect of a newer ntp version and updated /etc/ntp.conf.
> After some security issues, ntpdc support has been turned off by default.

And if you want ntpdc to continue to work, but work safely, so
that the "monlist" command can't be used remotely to abuse your
NTP server as a DDoS reflector/amplifier, you can add these
lines to ntp.conf:

# New ntpd disables the ntpdc protocol by default, to re-enable uncomment
# the following line
enable mode7

# noquery only affects ntpq / ntpdc -- time service unaffected
restrict default kod noquery nomodify

# But allow local host to query etc.
restrict 127.0.0.1
restrict ::1

Regards,

- Håvard

Follow-Ups:
- Re: ntpdc doesn't work as expect
  - From: Pongthep Kulkrisada

References:
- ntpdc doesn't work as expect
  - From: Pongthep Kulkrisada
- Re: ntpdc doesn't work as expect
  - From: Martin Husemann

Prev by Date: Re: I/O question
Next by Date: Re: I/O question
Previous by Thread: Re: ntpdc doesn't work as expect
Next by Thread: Re: ntpdc doesn't work as expect
Indexes:

Home | Main Index | Thread Index | Old Index