nanog mailing list archives
Re: OpenNTPProject.org
From: Mark Tinka <mark.tinka () seacom mu>
Date: Mon, 17 Feb 2014 05:59:43 +0200
On Monday, February 17, 2014 04:38:06 AM Brian Rak wrote:
There is no excuse to still be running a NTP server with monlist enabled. Fix your configuration, and you don't need IPTables rules.
Juniper's Junos implementation (which is based on FreeBSD) hasn't been patched Using firewall filters is the only way to mitigate the vulnerability. For those with Juniper access: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&actp=SUBSCRIPTION It's not clear when the software patch will be made available. As it were, ScreenOS and JUNOSe are not affected, as they don't support the MONLIST feature. Mark.
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Re: OpenNTPProject.org, (continued)
- Re: OpenNTPProject.org George, Wes (Feb 17)
- Re: OpenNTPProject.org Pete Ashdown (Feb 17)
- Re: OpenNTPProject.org Blake Dunlap (Feb 17)
- Re: OpenNTPProject.org Anthony Williams (Feb 17)
- Re: OpenNTPProject.org James R Cutler (Feb 17)
- Re: OpenNTPProject.org Blake Dunlap (Feb 17)
- RE: OpenNTPProject.org Mike Walter (Feb 18)
- Re: OpenNTPProject.org Dobbins, Roland (Feb 17)
- Re: OpenNTPProject.org Paul S. (Feb 17)
- Re: OpenNTPProject.org Harlan Stenn (Feb 17)
- Re: OpenNTPProject.org Lyndon Nerenberg (Feb 16)
- Re: OpenNTPProject.org Christopher Morrow (Feb 16)
- Re: OpenNTPProject.org Lyndon Nerenberg (Feb 16)
- Re: OpenNTPProject.org Mark Tinka (Feb 16)
- Re: OpenNTPProject.org Christopher Morrow (Feb 16)
- Re: OpenNTPProject.org Yucong Sun (Feb 17)
- JunOS NTP - Re: OpenNTPProject.org Jared Mauch (Feb 18)
- Re: JunOS NTP - Re: OpenNTPProject.org John Kristoff (Feb 18)
- Re: JunOS NTP - Re: OpenNTPProject.org Mark Tinka (Feb 18)