This shows you the differences between two versions of the page.
|
aix:time_server [2021/01/01 21:21] 127.0.0.1 external edit |
aix:time_server [2025/04/22 10:26] (current) manu |
||
|---|---|---|---|
| Line 67: | Line 67: | ||
| slewalways yes | slewalways yes | ||
| </cli> | </cli> | ||
| + | |||
| + | ==== Disable NTP mode 6 and 7 queries ==== | ||
| + | |||
| + | Access restrictions | ||
| + | * For version 3 only. NTP mode 6 and 7 queries can be used in denial of service attacks. This document has instructions for disabling support for these queries in the xntpd daemon. | ||
| + | * Add the following lines to the /etc/ntp.conf file. This disables mode 6 and 7 queries, as well as other vulnerabilities, for all IP addresses, but allows them on the local loopback interface. | ||
| + | <code> | ||
| + | restrict default notrust nomodify nopeer noquery notrap | ||
| + | restrict 127.0.0.1 | ||
| + | </code> | ||
| + | * Add restrict and server entries for each trusted NTP server on the network. This overrides the default setting for the specified servers. | ||
| + | <code> | ||
| + | server 10.11.12.13 | ||
| + | restrict 10.11.12.13 nomodify notrap noquery | ||
| + | </code> | ||
| + | |||
| + | Restart xntpd daemon | ||
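Review bot: the last added line, "Restart xntpd daemon", names the step but gives no command and no way to confirm the change, while the section just above ends in a <cli> block. Add the restart in the same <cli> form (xntpd runs under the AIX SRC, so `stopsrc -s xntpd` followed by `startsrc -s xntpd`), then a check that the restriction took effect: a mode 6 query such as `ntpq -p <server>` sent from another host should now time out, while the same query against 127.0.0.1 on the server itself still answers. Two smaller points in the bullets: "as well as other vulnerabilities" does not say what the remaining flags on the `restrict default` line (notrust, nomodify, nopeer, notrap) actually block, so a reader cannot judge which of them are needed alongside noquery; and "For version 3 only." is fused with the rationale and with "This document has instructions ...", which reads as text carried over from another source, so the scope statement would be clearer as its own sentence directly under the heading. It would also help to say explicitly that the per-server `restrict 10.11.12.13 nomodify notrap noquery` line drops notrust and nopeer on purpose, since that difference from the default line is what lets the trusted server be used for synchronisation.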