OpenNTPProject.org
Mark Tinka
mark.tinka at seacom.mu
Mon Feb 17 03:59:43 UTC 2014
On Monday, February 17, 2014 04:38:06 AM Brian Rak wrote:
> There is no excuse to still be running a NTP server with
> monlist enabled. Fix your configuration, and you don't
> need IPTables rules.
Juniper's Junos implementation (which is based on FreeBSD)
hasn't been patched
Using firewall filters is the only way to mitigate the
vulnerability.
For those with Juniper access:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&actp=SUBSCRIPTION
It's not clear when the software patch will be made
available.
As it were, ScreenOS and JUNOSe are not affected, as they
don't support the MONLIST feature.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140217/6559754b/attachment.sig>
More information about the NANOG
mailing list