[OpenIndiana-discuss] NTP trouble and 123 port

Gary Mills gary_mills at fastmail.fm
Fri Apr 25 13:23:26 UTC 2014 

On Fri, Apr 25, 2014 at 11:15:31AM +0200, Jozsef Brogyanyi wrote:
> I have trouble with 123 port. I wanted to set a NTP client not a server.
> I received an e-mail my ISP with a complain. Someone use my server 123 port.

I'll bounce you the message I sent to this mailing list in February.
It explains how to avoid the NTP amplification exploit that your ISP
complained about.

> My NTP settings is the next:
> 
> cp /etc/inet/ntp.client /etc/inet/ntp.conf
> nano /etc/inet/ntp.conf
> 
> Insert these lines. May be the these are not good.
> 
> server 0.hu.pool.ntp.org iburst
> server 1.hu.pool.ntp.org iburst
> server 2.hu.pool.ntp.org iburst
> server 3.hu.pool.ntp.org iburst

I don't know what `iburst' means, but `man ntpd' describes it
partially.  I don't use it.

> svcadm enable ntp
> svcs ntp
> svcs -x ntp
> ntpq -p
> How can I solve this problem if I need the NTP client?

Here are the non-comment lines from my ntp.conf:

 $ egrep -v '^#|^$' /etc/inet/ntp.conf               
 restrict default kod nomodify notrap nopeer noquery
 restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer
 restrict 127.0.0.1
 restrict -6 ::1
 server 0.pool.ntp.org
 server 1.pool.ntp.org
 server 2.pool.ntp.org
 server 3.pool.ntp.org
 driftfile /var/ntp/ntp.drift
 statsdir /var/ntp/ntpstats/
 filegen peerstats file peerstats type day enable
 filegen loopstats file loopstats type day enable

You likely won't need the `192.168.0.0' line.  That's for my private
network.

It works:

 $ ntpq -p
      remote           refid      st t when poll reach   delay   offset  jitter
 ==============================================================================
 +time.netspectru 208.90.144.52    3 u  489  512  377   34.130    0.809   0.739
 *penguin.hopcoun 209.51.161.238   2 u  140  512  377   31.145    0.683   1.324
 -mongrel.ahem.ca 208.81.2.13      2 u  144  512  377   24.124   -9.238   4.130
 +mirror.mountain 200.98.196.212   2 u  508  512  377   31.867    1.559   2.638

-- 
-Gary Mills-		-refurb-		-Winnipeg, Manitoba, Canada-

More information about the OpenIndiana-discuss mailing list