homepage Welcome to WebmasterWorld Guest from 54.204.127.59
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
Plugging NTP Security Holes
mattglet




msg:3265509
 4:00 pm on Feb 27, 2007 (gmt 0)

We got a notice from ScanAlert saying that our mail server (FreeBSD) has a security issue with the NTP port, and offers this as a fix:

Quickfix: Set NTP to restrict default access to ignore all info packets: restrict default ignore

Will this disable the ability for servers to time sync? It seems to me (being a non- *nix person) that this command will effectively render server to server time sync useless? What are my options?

 

Birdman




msg:3265522
 4:10 pm on Feb 27, 2007 (gmt 0)

This may help:
[freebsd.org...]

25.10.3.3 Controlling Access to Your Server
By default, your NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf allows you to control which machines can access your server.
If you want to deny all machines from accessing your NTP server, add the following line to /etc/ntp.conf:
restrict default ignore

If you only want to allow machines within your own network to synchronize their clocks with your server, but ensure they are not allowed to configure the server or used as peers to synchronize against, add
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

instead, where 192.168.1.0 is an IP address on your network and 255.255.255.0 is your network's netmask.
/etc/ntp.conf can contain multiple restrict options. For more details, see the Access Control Support subsection of ntp.conf(5).


Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved