実はもとから対策されている…!!
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# vi /etc/ntp.conf # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery ←確認 ※ipv4、ipv6共に全てのアクセスを拒否 restrict -6 default kod nomodify notrap nopeer noquery ←確認 # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst ↓変更 # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server -4 ntp.nict.jp iburst server -4 ntp.nict.jp iburst server -4 ntp.nict.jp iburst ※最終行に追加 # NTP Dos攻撃対策※ リモートからmonilistをされないようにする。 disable monitor |
|
1 |
# service ntpd restart |
|
1 2 3 4 5 |
# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== *ntp-b3.nict.go. .NICT. 1 u 15 64 1 2.545 -0.366 0.072 +ntp-a3.nict.go. .NICT. 1 u 14 64 1 2.160 -0.336 0.087 |
[crayon-5ed3dfdc2684a35770302 …