[chrony-users] prevent amplification attack

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

Hi there

My network is monitored by shadowserver.org and it reports for my chrony 
instance, that it may be used in amplification attacks because it responded to 
"ntp mode 6 query READVAR". [1] 

They suggest to test with 
	ntpq -c rv <my ntp server's ip>

but if I do so, I do get a timeout and no answer. I allow everyone to contact 
the ntp server (it's a pool server), but commands and queries should be 
restricted by default in chrony as I understand. The directive
is set in chrony.conf as a single word on its own line.

How can I properly test whether it is true what shadowserver.org claims and 
how can I prevent chronyd to not answering such queries, if it did?

Thank you for your comments.

Regards, Adrian.

[1] https://www.shadowserver.org/what-we-do/network-reporting/ntp-version-report/

Attachment: signature.asc
Description: This is a digitally signed message part.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/