ntpd vulnerabilities
Dag-Erling Smørgrav
des at des.no
Tue Dec 23 08:37:56 UTC 2014
Joe Malcolm <jmalcolm at uraeus.com> writes:
> I'm no expert on ntp.conf, but this appears in my ntp.conf on one of
> my FreeBSD systems:
>
> restrict default kod nomodify notrap nopeer noquery
> restrict -6 default kod nomodify notrap nopeer noquery
>
> However, it also has these:
>
> restrict 127.0.0.1
> restrict -6 ::1
> restrict 127.127.1.0
These work on a "last match" basis. The latter three lines lift all
restrictions for localhost, so you can still "ntpq -pn" your own server,
but nobody else can.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list