[Bug 858493] Re: By default ntpd listens on all interfaces

Pedro Côrte-Real pedro at pedrocr.net
Sat Sep 24 21:46:23 UTC 2011


What I was pointing out is that ntp listens to *:* when that's not
actually needed to function as an ntp client. Here's an example from a
server I was just setting up.

With ntpd:

$ sudo netstat -atpun | grep ntp
udp        0      0 myIP:123      0.0.0.0:*                           31805/ntpd      
udp        0      0 127.0.0.1:123           0.0.0.0:*                           31805/ntpd      
udp        0      0 0.0.0.0:123             0.0.0.0:*                           31805/ntpd      
udp6       0      0 ::1:123                 :::*                                31805/ntpd      
udp6       0      0 myIP :::*                                31805/ntpd      
udp6       0      0 :::123                  :::*                                31805/ntpd      

With openntpd:

$ sudo netstat -atpun | grep ntp
udp        0      0 myIP:57706    88.190.225.228:123      ESTABLISHED 32455/ntpd      
udp        0      0 myIP:46760    188.40.33.81:123        ESTABLISHED 32455/ntpd      
udp        0      0 myIP:33742    88.190.225.228:123      ESTABLISHED 32455/ntpd      
udp        0      0 myIP:34625    85.10.199.217:123       ESTABLISHED 32455/ntpd

So it seems to be possible to have working NTP communication without
opening up port 123 on all interfaces for everyone to connect. I assume
that's why /etc/ntp.conf has all those restrict lines by default,
whereas /etc/openntp/ntpd.conf only has server lines.

I know ntp restricts responses to localhost by default so someone that
wants to actually run an ntp server needs to change ntp.conf anyway. It
might as well take the next step and not bind to the interfaces at all
so as to not be a potential security risk.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/858493
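
Added example, not part of the original message or of either NTP project: a small classifier for `netstat -atpun` lines that separates the unconnected port-123 listeners shown for ntpd from the connected client sockets shown for openntpd. The sample lines are constructed, with 192.0.2.10 standing in for the redacted "myIP"; the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `netstat -atpun` format. 192.0.2.10 stands in for the
# redacted "myIP" and 198.51.100.7 for an upstream server (documentation ranges).
SAMPLE = """\
udp        0      0 192.0.2.10:123          0.0.0.0:*                           31805/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           31805/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           31805/ntpd
udp6       0      0 ::1:123                 :::*                                31805/ntpd
udp6       0      0 :::123                  :::*                                31805/ntpd
udp        0      0 192.0.2.10:57706        198.51.100.7:123        ESTABLISHED 32455/ntpd
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so ':::123' yields ('::', '123')."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def classify(line):
    """Return (local endpoint, class) for one UDP socket line, or None."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith("udp"):
        return None
    local, remote = fields[3], fields[4]
    addr, port = split_endpoint(local)
    if split_endpoint(remote)[1] != "*":
        # connect()ed UDP socket: the kernel only delivers that peer's datagrams
        return local, "connected"
    if port != "123":
        return local, "other"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return local, "unparsed"  # e.g. a redacted address such as "myIP"
    if ip.is_unspecified:
        return local, "wildcard"
    return local, "loopback" if ip.is_loopback else "interface"


def exposed_listeners(text):
    """Unconnected port-123 sockets that accept datagrams from off-host."""
    hits = (classify(line) for line in text.splitlines())
    return [h[0] for h in hits if h and h[1] in ("wildcard", "interface")]


if __name__ == "__main__":
    print("exposed:", exposed_listeners(SAMPLE))
```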
