]>> That turns off monitoring, aka the MRU list. > I believe that was a security feature to prevent amplification of ddos-type > attacks. (for ntp classic) Or doesn't this work this way for ntpsec?
That was fixed in ntp classic long before ntpsec forked. The old code was for the client to send a request then the server would send back a lot of data. If you sent a forged request, that was a nice DDoS amplifier. The fix was to add a cookie. The server now needs a cookie along with the request. You can get the cookie from the server. It depends upon the IP Address. If you are sending forged requests, it's hard to get the cookie for the target system. You can also block -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
