Domain Time is typically not susceptible to ntpd vulnerabilities because it is not ported from ntpd and does not use any ntpd code.
Domain Time is also not susceptible to being used in NTP amplification attacks (see below for ways to disable this). These attacks work by returning a large
amount of data to a spoofed IP source address in response to a relatively small request
packet. These attacks depend upon NTP clients responding to certain specific status reporting functions commonly found in NTP
time clients ported from the typical ntpd daemon in standard use on UNIX/Linux. Domain Time does not implement these ntpd-specific auxilliary status reporting functions,
therefore we do not respond to the spoofed attack packets.
Note: Domain Time Server (if the NTP protocol is enabled) and Domain Time Client (if the NTP Broadcast Listener is enabled) can respond to several specific ntpq queries: ntpq -np, ntpdate -q, and/or ntpd -c nv.
These commands typically do not respond with large amounts of data, so they are unlikely to be used in amplification attacks.
However, on Domain Time version 5.2.b.20140101 or later, these responses (including all NTP Mode 6 commands) can be disabled if desired by setting the following registry value to True:
HKEY_LOCAL_MACHINE\SOFTWARE\Greyware\Domain Time Server[Client]\Parameters\NTP Query Disabled