Bugzilla – Bug 859190
network:time/ntp: DDOS
Last modified: 2014-01-17 13:35:24 UTC
The current NTP default setup does not differntiate between internal and external access. The default setup should be modified, so that external access is restricted and admins need to remove restrictions when wanted. Probabably 99% of all NTP installations aren't meant to be worldwide visible, but suse defaults are extremely open. E.G. Ubuntu has # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery
Created attachment 574790 [details] My default ntp configuration from an Hetzner uBuntu server
The security team decided that we only need to change this in Factory. BTW, the Bugzilla product openSUSE.org is about the openSUSE project and its infrastructure. Bugs against openSUSE should be reported against either openSUSE Factory or one of the released versions. *** This bug has been marked as a duplicate of bug 857195 ***