OpenNTPProject.org

• Previous message (by thread): OpenNTPProject.org
• Next message (by thread): OpenNTPProject.org
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday, February 17, 2014 04:38:06 AM Brian Rak wrote:

> There is no excuse to still be running a NTP server with
> monlist enabled.  Fix your configuration, and you don't
> need IPTables rules.

Juniper's Junos implementation (which is based on FreeBSD) 
hasn't been patched

Using firewall filters is the only way to mitigate the 
vulnerability.

For those with Juniper access:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&actp=SUBSCRIPTION

It's not clear when the software patch will be made 
available.

As it were, ScreenOS and JUNOSe are not affected, as they 
don't support the MONLIST feature.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140217/6559754b/attachment.sig>

• Previous message (by thread): OpenNTPProject.org
• Next message (by thread): OpenNTPProject.org
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]