https://bugzilla.novell.com/show_bug.cgi?id=859190 https://bugzilla.novell.com/show_bug.cgi?id=859190#c0 Summary: network:time/ntp: DDOS Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: openSUSE 13.1 Status: NEW Severity: Major Priority: P5 - None Component: 3rd party software AssignedTo: max@suse.com ReportedBy: opensuse@dstoecker.de QAContact: opensuse-communityscreening@forge.provo.novell.com Found By: --- Blocker: --- The current NTP default setup does not differntiate between internal and external access. The default setup should be modified, so that external access is restricted and admins need to remove restrictions when wanted. Probabably 99% of all NTP installations aren't meant to be worldwide visible, but suse defaults are extremely open. E.G. Ubuntu has # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.