Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Apr 2001 00:06:59 -0700
From:      Steve Reid <sreid@sea-to-sky.net>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-01:31.ntpd
Message-ID:  <20010413000659.A88148@grok.bc.hsia.telus.net>
In-Reply-To: <200104122058.f3CKwLe45352@freefall.freebsd.org>; from FreeBSD Security Advisories on Thu, Apr 12, 2001 at 01:58:21PM -0700
References:  <200104122058.f3CKwLe45352@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 12, 2001 at 01:58:21PM -0700, FreeBSD Security Advisories wrote:
> IV.  Workaround
> Disable the ntpd daemon using the following command:

None of the advisories I've seen released (FreeBSD or otherwise) have
listed "restrict" directives in ntp.conf as a workaround. Is this
because it is not sufficient, or are the people writing the advisories
not aware of it, or other?

Restricting by address is subject to spoofing of course, but is there
any reason "restrict default noquery nomodify notrap nopeer" would not
be sufficient to protect a typical NTP client while still allowing it
to receive time service?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010413000659.A88148>