NTP - ntpdc monlist no longer working (10.1)
Ewald Jenisch
a at jenisch.at
Mon May 18 11:57:22 UTC 2015
Hi,
Recently I upgraded a system from 8.3 to 10.1 (basically installing
from scratch and pulling over all data).
Upon checking my config I discovered "ntpdc monlist" doesn't work in
10.1 (the monlist command is used for checking for clients that have
connected to an NTP server).
Please note that I run the identical NTP-configuration (/etc/ntp.conf) on
both the new and old machine.
Specifically in my ntp.conf I've got
    restrict 127.0.0.1
so with this it should definitely be possible to run "ntpdc monlist"
on the local machine querying the local ntp server.
To track things down I even did a wireshark trace - sure enough I see
ntp packets coming in including the "monlist"-packet - but no reply
from my server.
Also note that I've got an identical configuration in terms of NTP
permissions on a Raspberry - no problems with "ntpdc monlist" there.
So here are my questions:
o) Is "monlist" completely disabled in newer releases of FreeBSD per
default?
o) Is there any way to get monlist working again?
Thanks in advance for any clue,
-ewald
PS: I'm well aware that "monlist" was used for NTP reflection attacks
with internet facing NTP-servers - we're speaking of an NTP-server
behind a firewall though with no inbound connections from the internet
allowed.