>> Was there any discussion in ntpsec-land about disabling mode 6
>> queries *by default?*
> Dunno, best to ask on devel@ntpsec.org

I don't remember any discussion like that.

There are at least 2 reasons to block/disable mode 6.

The first is the DDoS problem with the old monlist command. That command has been replaced with one that needs a cookie so it won't respond to simple requests with a forged return address.

The second is all the information you can get that might be useful for planning an attack. "peers", for example, gives you a list of servers is using in case you want to intercept them. "rv 0 system" will give you the kernel version string which might narrow the search space if you are attacking via some other path.

You can block mode 6 with restrictions. I think most distros added those back in the days when ntpd was used for major DDoS attacks. I doubt if they have been removed.

--
These are my opinions. I hate spam.
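Added example, not part of the original message and not NTPsec code: a small audit of the `restrict` lines the message refers to, reporting whether the IPv4 and IPv6 defaults block mode 6 and which entries are exempt. It assumes the classic `ntp.conf` `restrict` syntax with the `noquery` and `ignore` flags; the sample config and the function names are constructed for illustration.

```python
# Added example: report which ntp.conf "restrict" entries still answer mode 6.
SAMPLE_CONF = """\
# constructed sample, not copied from any distribution
restrict -4 default kod limited nomodify nopeer noquery
restrict -6 default kod limited nomodify nopeer
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify
"""

BLOCKING = {"noquery", "ignore"}  # flags that make ntpd drop ntpq (mode 6) queries


def parse_restrict(conf_text):
    """Return a list of (family, address, mask, flags) from restrict lines."""
    entries = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok, family = tok[1:], "any"
        if tok[0] in ("-4", "-6"):  # optional address-family selector
            family, tok = "ipv" + tok[0][1], tok[1:]
        if not tok:
            continue
        address, tok, mask = tok[0], tok[1:], None
        if len(tok) >= 2 and tok[0] == "mask":
            mask, tok = tok[1], tok[2:]
        entries.append((family, address, mask, frozenset(tok)))
    return entries


def audit_mode6(conf_text):
    """Say whether each default blocks mode 6 and list entries that allow it."""
    entries = parse_restrict(conf_text)
    report = {"exceptions": []}
    for fam in ("ipv4", "ipv6"):
        defaults = [e for e in entries if e[1] == "default" and e[0] in (fam, "any")]
        # Conservative: blocked only if a default exists and every default
        # line covering this family carries a blocking flag.
        report[fam] = bool(defaults) and all(e[3] & BLOCKING for e in defaults)
    for family, address, mask, flags in entries:
        if address != "default" and not flags & BLOCKING:
            report["exceptions"].append(address if mask is None else f"{address}/{mask}")
    return report


if __name__ == "__main__":
    print(audit_mode6(SAMPLE_CONF))
```

On the constructed sample the IPv4 default blocks queries, the IPv6 default does not, and the loopback and `192.0.2.0` entries show up as exceptions to review.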