[outages] Internap Being DDoS'd
Chuck Anderson
cra at WPI.EDU
Wed Feb 12 14:23:21 EST 2014
On Wed, Feb 12, 2014 at 10:53:35AM -0800, Jeremy Chadwick wrote:
> I see some attributes in the "UNIX ntpd" example there which are
> missing. I would suggest people follow the defaults provided by some of
> the OSS distros (ex. FreeBSD 9):
>
> http://svnweb.freebsd.org/base/stable/9/etc/ntp.conf?revision=259974&view=markup
>
> Specifically these lines for starters:
>
> restrict default kod nomodify notrap nopeer noquery
> restrict -6 default kod nomodify notrap nopeer noquery
Only use "kod" if you also use "limited":
https://bugzilla.redhat.com/show_bug.cgi?id=1048196
"The current default restrict line in ntp.conf is:
restrict default kod nomodify notrap nopeer noquery
This can be confusing as the kod option is active only when the
limited options is also present. This is documented in ntp_acc(5) man
page.
The upcoming ntp-4.2.8 will warn about this and we probably want to
avoid getting that warning in the future.
http://bugs.ntp.org/show_bug.cgi?id=2060
The fix is to remove kod from the default restrict line."
More information about the Outages
mailing list