Page MenuHomeVyOS Platform

Default NTP server settings
Closed, ResolvedPublic

Description

Per default VyOS will allow NTP clients from 0.0.0.0/0 to reach it's NTP server.

That kind of configuration is not recommended, and would allow malicious usage by NTP reflection DDoS attacks, taking up bandwidth and making the internet as a whole a bit more unsafe.

My suggestion is to completely remove "set service ntp allow-client" from the default VyOS configuration, as any admin that has the knowledge to setup a router from scratch should also be able to configure the NTP server to allow NTP requests from it’s client’s prefixes when needed.

If anyone is able to tell me where the default configurations are, I'm able to make the PR.

Details

Version
1.4
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Security vulnerability