From: Jan Kluka (kluka DANKA.II.FMPH.UNIBA.SK)
Date: Fri Apr 06 2001 - 09:58:09 CDT
On Thu, Apr 05, 2001 at 08:03:38PM -0400, Charles Sprickman wrote:
...
> Just a quick note to save others a bit of legwork... If you are running
> ntpd on a machine simply as a client, the following line in /etc/ntp.conf
> should keep people away:
>
> restrict default ignore
>
> Before adding this (I actually had the wrong syntax), the exploit crashed
> ntpd. Afterwards, not a blip, and ntpdate shows that ntpd is not
> answering anything...
Time servers which ntpd is synchronized to are also subject to the
restriction. So, if this is the only `restrict' in your ntp.conf, it also
prevents synchronization to the time server.
Besides `restrict default ignore' there should be
restrict time.server.address nomodify
for every 'server time.server.address' in your ntp.conf.
Now, ntpd can be crashed/exploited only by evil queries coming from
time.server.address (or by UDP-spoofed queries from anywhere else :-/).
JK
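As an added illustration (not part of the original thread), a small Python checker that applies the rule above to an ntp.conf: when `restrict default ignore` is present, it flags every `server` whose address has no non-ignore `restrict` line of its own and appends the `restrict ... nomodify` lines the post recommends. The sample config, hostnames and function names are constructed for this example.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample ntp.conf (not from the post): the lockout case described
# above, a lone "restrict default ignore" with no per-server exception.
SAMPLE_NTP_CONF = """\
# client-only configuration
driftfile /var/lib/ntp/ntp.drift
server 10.0.0.5
server ntp.example.org iburst
restrict default ignore
"""


def parse_ntp_conf(text: str) -> Tuple[List[str], Dict[str, Set[str]]]:
    """Return (server addresses, {restricted address: set of flags})."""
    servers: List[str] = []
    restricts: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        keyword, *args = line.split()
        if args and args[0] in ("-4", "-6"):  # optional address-family flag
            args = args[1:]
        if keyword == "server" and args:
            servers.append(args[0])
        elif keyword == "restrict" and args:
            restricts[args[0]] = set(args[1:])
    return servers, restricts


def missing_server_restricts(text: str) -> List[str]:
    """Servers that 'restrict default ignore' would silently cut off.

    A server counts as covered only by a restrict line naming it without 'ignore'.
    """
    servers, restricts = parse_ntp_conf(text)
    if "ignore" not in restricts.get("default", set()):
        return []  # no default ignore, so synchronization is not blocked by it
    return [s for s in servers if "ignore" in restricts.get(s, {"ignore"})]


def suggested_fix(text: str) -> str:
    """Append a 'restrict <server> nomodify' line for every uncovered server."""
    extra = [f"restrict {s} nomodify" for s in missing_server_restricts(text)]
    body = text.rstrip("\n")
    return body + ("\n" + "\n".join(extra) if extra else "") + "\n"


if __name__ == "__main__":
    print(suggested_fix(SAMPLE_NTP_CONF))
```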