[pkg-ntp-maintainers] Bug#733940: Bug#733940: ntp missing security update, previously advised service configurations allow DDoS amplification attack prior to upstream 4.2.7p26
Kurt Roeckx
kurt at roeckx.be
Mon May 19 21:13:05 UTC 2014
On Mon, May 19, 2014 at 01:13:05PM -0700, Michael Evans wrote:
>
> The default shipped configuration file /may/ be secure, but does not
> adequately document /why/ it is secure. Previous versions of the
> AccessRestrictions documentation (prior to likely someone early this year
> when the NTP reflection attacks became popular) appeared to advise removing
> the noquery attribute
Please say where this appeared to have been adviced. I can't
remember this ever being recommended, at least not in the
documentation. I think the comment in the default config file
we ship should also be more than clear enough. I think this is
mostly a problem for people *not* reading documentation or
comments.
Kurt
More information about the pkg-ntp-maintainers
mailing list