Date: Mon, 18 May 2015 13:56:06 +0200
From: Ewald Jenisch <a@jenisch.at>
To: <freebsd-questions@freebsd.org>
Subject: NTP - ntpdc monlist no longer working (10.1)
Message-ID: <20150518115606.GA2898@aurora.oekb.co.at>

Hi,

Recently I upgraded a system from 8.3 to 10.1 (basically installing from scratch and pulling over all data).

Upon checking my config I discovered "ntpdc monlist" doesn't work in 10.1 (the monlist command is used for checking for clients that have connected to an NTP server).

Please note that I run the identical NTP configuration (/etc/ntp.conf) on both the new and old machine. Specifically, in my ntp.conf I've got

    restrict 127.0.0.1

so with this it should definitely be possible to run "ntpdc monlist" on the local machine querying the local ntp server.

To track things down I even did a Wireshark trace - sure enough I see ntp packets coming in including the "monlist" packet - but no reply from my server.

Also note that I've got an identical configuration in terms of NTP permissions on a Raspberry - no problems with "ntpdc monlist" there.

So here are my questions:

o) Is "monlist" completely disabled in newer releases of FreeBSD by default?
o) Is there any way to get monlist working again?

Thanks in advance for any clue,
-ewald

PS: I'm well aware that "monlist" was used for NTP reflection attacks with internet-facing NTP servers - we're speaking of an NTP server behind a firewall though, with no inbound connections from the internet allowed.