[Bug 858493] Re: By default ntpd listens on all interfaces
Pedro Côrte-Real
pedro at pedrocr.net
Sat Sep 24 21:46:23 UTC 2011
What I was pointing out is that ntp listens to *:* when that's not
actually needed to function as an ntp client. Here's an example from a
server I was just setting up.
With ntpd:
$ sudo netstat -atpun | grep ntp
udp 0 0 myIP:123 0.0.0.0:* 31805/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 31805/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 31805/ntpd
udp6 0 0 ::1:123 :::* 31805/ntpd
udp6 0 0 myIP :::* 31805/ntpd
udp6 0 0 :::123 :::* 31805/ntpd
With openntpd:
$ sudo netstat -atpun | grep ntp
udp 0 0 myIP:57706 88.190.225.228:123 ESTABLISHED 32455/ntpd
udp 0 0 myIP:46760 188.40.33.81:123 ESTABLISHED 32455/ntpd
udp 0 0 myIP:33742 88.190.225.228:123 ESTABLISHED 32455/ntpd
udp 0 0 myIP:34625 85.10.199.217:123 ESTABLISHED 32455/ntpd
So it seems to be possible to have working NTP communication without
opening up port 123 on all interfaces for everyone to connect. I assume
that's why /etc/ntp.conf has all those restrict lines by default,
whereas /etc/openntp/ntpd.conf only has server lines.
I know ntp restricts responses to localhost by default, so someone who
wants to actually run an ntp server needs to change ntp.conf anyway. It
might as well take the next step and not bind to the interfaces at all,
so as not to be a potential security risk.
https://bugs.launchpad.net/bugs/858493
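The difference the report shows in the two netstat listings can be checked mechanically. The script below is an added example, not part of the bug report: it scans `netstat -atpun` style output for ntpd UDP sockets whose local address is the wildcard (0.0.0.0 or ::), which is exactly the state the reporter objects to. The sample listings are constructed to mirror the report, with myIP replaced by a made-up 10.0.0.5.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads netstat -atpun output on
# stdin and prints every ntpd UDP socket bound to a wildcard address.
# Exit status: 0 if no wildcard bind was found, 1 otherwise.
find_wildcard_ntp() {
    awk '
        $1 ~ /^udp6?$/ && $NF ~ /ntpd$/ {
            local = $4
            addr = local
            sub(/:[0-9]+$/, "", addr)     # drop ":port", keep the address
            if (addr == "0.0.0.0" || addr == "::") {
                print "WILDCARD", $1, local, $NF
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# Number of wildcard-bound ntpd sockets in a listing passed as a string.
count_wildcard() {
    printf '%s\n' "$1" | find_wildcard_ntp | wc -l | tr -d ' '
}

# Constructed sample: the reference ntpd listing from the report.
SAMPLE_NTPD='udp 0 0 10.0.0.5:123 0.0.0.0:* 31805/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 31805/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 31805/ntpd
udp6 0 0 ::1:123 :::* 31805/ntpd
udp6 0 0 :::123 :::* 31805/ntpd'

# Constructed sample: the openntpd listing, client sockets only.
SAMPLE_OPENNTPD='udp 0 0 10.0.0.5:57706 88.190.225.228:123 ESTABLISHED 32455/ntpd
udp 0 0 10.0.0.5:46760 188.40.33.81:123 ESTABLISHED 32455/ntpd'

# On a live host: sudo netstat -atpun | find_wildcard_ntp
if printf '%s\n' "$SAMPLE_NTPD" | find_wildcard_ntp; then
    echo "no wildcard binds"
else
    echo "ntpd is reachable on every interface (lines above)"
fi
```

On ntpd 4.2.6 and later the `interface ignore wildcard` and `interface listen <address>` directives in ntp.conf restrict which sockets the daemon opens; the restrict lines the report mentions only filter packets after they have been accepted.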