Re: UNS: Re: NTP security hole CVE-2013-5211?

看板FB_security作者時間12年前 (2014/01/16 18:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串8/9 (看更多)
Hello Dag-Erling On 14.01.2014 14:11, Dag-Erling Sm=F8rgrav wrote: > Garrett Wollman <wollman@bimajority.org> writes: >> For a "pure" client, I would suggest "restrict default ignore" ought >> to be the norm. (Followed by entries to unrestrict localhost over v4 >> and v6.) > > Pure clients shouldn't use ntpd(8). They should use sntp(8) or a > lightweight NTP client like ttsntpd. I think it is a bad advice, then ntpd is much nicer to NTP = servers (mainly the NTP Pool), then sntp is. I am running a few NTP servers which are also in the NTP Pool and = I do volunteer to be also in the tr (Turkey) zone. In Turkey = there is one large telecommunication company with a lot of CPEs = which are doing sntp requests quite often. Even if the IP = addresses for the Pool are rotated quickly, they are all using = the same few DNS server to resolve and those hammering the same = few IP address at the same time. It is quite well visible in my = graphs [1] with the large peaks. The quiet stable ground traffic = is from nice ntpd clients which are distributed evenly on the NTP = Pool. [1] http://www.home4u.ch/ntp/ bye Fabian _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 fabian. 的文章
文章代碼(AID): #1IrwtUlw (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 8 之 9 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共9篇)
更多 fabian. 的文章
文章代碼(AID): #1IrwtUlw (FB_security)