...
The Prevention
--------------
1. If you plan to continue running NTP, ensure it is upgraded to 4.2.6 or later. ITS Networking operates two NTPv4 (NTP version 4) servers free of charge: 128.83.185.40 (ntp1.utexas.edu) and 128.83.185.41 (ntp2.utexas.edu).
2. Review NTP access restrictions and adjust as needed. Refer to the following
resources: http://support.ntp.org/bin/view/Support/AccessRestrictions
Example 1: edit /etc/inet/ntp.client -> ntp.conf

added:

    #added for DDoS prevention - don't allow any machine, except those w/o flags

Example 2 (with additional comments):

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default ignore
    restrict -6 default ignore
    #restrict default kod nomodify notrap nopeer noquery
    #restrict -6 default kod nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would affect some of
    # the administrative functions.
    restrict 127.0.0.1

    server 128.83.185.40
    restrict 128.83.185.40 nomodify notrap nopeer noquery
    server 128.83.185.41
    restrict 128.83.185.41 nomodify notrap nopeer noquery

The default servers are commented out:

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
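One way to check an existing ntp.conf against the restrict layout in Example 2 (an added example, not part of the original page): the hypothetical helper audit_ntp_conf reports default entries that still answer queries and server entries whose restrict line is missing or lacks noquery. It assumes an unprefixed "restrict default" covers IPv4 only, as in the layout above, and checks server entries against the IPv4 default.

```python
# Added example. Assumption: unprefixed "restrict default" is IPv4, "-6" is IPv6.
# HARDENED repeats Example 2's directives; WEAK is a constructed bad config.
HARDENED = """\
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
server 128.83.185.40
restrict 128.83.185.40 nomodify notrap nopeer noquery
server 128.83.185.41
restrict 128.83.185.41 nomodify notrap nopeer noquery
"""
WEAK = """\
restrict default kod nomodify notrap nopeer   # noquery missing
server 128.83.185.40
restrict 128.83.185.40 nomodify notrap nopeer
"""

def audit_ntp_conf(text):
    """Return a list of findings; an empty list means the layout matches."""
    defaults, restricts, servers = {}, {}, []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tokens) < 2:
            continue
        if tokens[0] == "server":
            servers.append(tokens[1])
        elif tokens[0] == "restrict":
            args = tokens[1:]
            family = "IPv6" if "-6" in args else "IPv4"
            args = [a for a in args if a not in ("-4", "-6")]
            if not args:
                continue
            target = defaults if args[0] == "default" else restricts
            key = family if args[0] == "default" else args[0]
            target[key] = set(args[1:])           # flags that follow the address
    findings = []
    for family in ("IPv4", "IPv6"):
        flags = defaults.get(family)
        if flags is None:
            findings.append(f"{family}: no 'restrict default' line")
        elif not flags & {"ignore", "noquery"}:
            findings.append(f"{family}: default allows queries (no ignore/noquery)")
    for host in servers:
        flags = restricts.get(host)
        if flags is None and "ignore" in defaults.get("IPv4", set()):
            findings.append(f"{host}: no restrict line, replies hit default ignore")
        elif flags is not None and "noquery" not in flags:
            findings.append(f"{host}: restrict line lacks noquery")
    return findings
```

Run it on the contents of the live file, for example audit_ntp_conf(open("/etc/ntp.conf").read()), adjusting the path to wherever ntp.conf lives on the system.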
...