Yo Hal!

On Sat, 14 May 2016 18:08:42 -0700
Hal Murray <hmur...@megapathdsl.net> wrote:

> g...@rellim.com said:
> > I like the PR aspect.  Does NTPsec advertise itself in any way over
> > NTP protocol?  Like a version number or something?
>
> In general, exposing version info is considered a security risk.

Some think that.  The logic goes that people will scan your host, see
what version you are running, then run the exploit.

I have never seen a hacker do that.  They just spray all their exploits
at everything and see what sticks.  This is prolly a consequence of
distros lying about their versions, or backporting 'security' patches.

I prefer to leave my versions in the open, then when I do an
automated security scan it tells me when I need to update.

As long as the user has a choice.

> If the ntpq stuff isn't restricted with noquery, you can get the
> version string with:
>   /usr/local/sbin/ntpq -c "rv 0 version" $SERVER

Hmm, maybe this should say ntpsec, instead of ntpd:

  catbert:/etc/fail2ban# ntpq -c "rv 0 version" pi2
  version="ntpd 0.9.3-5fd5d82 May 14 2016 13:13:35"

And chronyd does nothing in response:

  catbert:/etc/fail2ban# ntpq -c "rv 0 version" dagwood
  dagwood.rellim.com: timed out, nothing received

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
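Added example, not part of the original message or of NTPsec's code: a small fleet audit built on the `ntpq -c "rv 0 version"` query quoted in the thread, parsing the two reply shapes shown there (a version string, and a timeout) and flagging hosts below a minimum version. The function names, the status labels and the minimum version `0.9.4` are assumptions made for illustration.

```python
import re
import subprocess

# Reply shape shown in the thread:
#   version="ntpd 0.9.3-5fd5d82 May 14 2016 13:13:35"
VERSION_RE = re.compile(
    r'version="(?P<daemon>\S+)\s+(?P<ver>\d+(?:\.\d+)*)'
    r'(?:-(?P<commit>[0-9a-f]+))?(?:\s+(?P<built>[^"]*))?"'
)

def query(host, timeout=10):
    """Run the ntpq command from the thread against one host."""
    proc = subprocess.run(["ntpq", "-c", "rv 0 version", host],
                          capture_output=True, text=True, timeout=timeout)
    return proc.stdout + proc.stderr

def parse_rv_version(output):
    """Return the parsed version fields, or None when the reply carries no
    version this pattern recognizes (timeout, noquery, other formats)."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return {
        "daemon": m.group("daemon"),
        "version": tuple(int(p) for p in m.group("ver").split(".")),
        "commit": m.group("commit"),
        "built": m.group("built"),
    }

def audit(replies, minimum):
    """replies maps host -> raw ntpq output; minimum is a version tuple."""
    report = {}
    for host, raw in replies.items():
        info = parse_rv_version(raw)
        if info is None:
            report[host] = "no-version"   # needs a different check
        elif info["version"] < minimum:
            report[host] = "update"
        else:
            report[host] = "ok"
    return report

# The two replies quoted in the thread, embedded so this runs offline.
SAMPLE = {
    "pi2": 'version="ntpd 0.9.3-5fd5d82 May 14 2016 13:13:35"',
    "dagwood": "dagwood.rellim.com: timed out, nothing received",
}

if __name__ == "__main__":
    # (0, 9, 4) is a constructed threshold, not a real advisory version.
    for host, status in audit(SAMPLE, (0, 9, 4)).items():
        print(host, status)
```

A host reported as `no-version` has not been shown to be current; it only means this query cannot tell, so it needs another inventory source.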