[169147] in North American Network Operators' Group
Re: OpenNTPProject.org
daemon@ATHENA.MIT.EDU (Mark Tinka)
Sun Feb 16 23:00:24 2014
From: Mark Tinka <mark.tinka@seacom.mu>
To: nanog@nanog.org
Date: Mon, 17 Feb 2014 05:59:43 +0200
In-Reply-To: <5301760E.20009@gameservers.com>
Reply-To: mark.tinka@seacom.mu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--nextPart12117619.6CMhi9kxtE
Content-Type: Text/Plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
On Monday, February 17, 2014 04:38:06 AM Brian Rak wrote:
> There is no excuse to still be running a NTP server with
> monlist enabled. Fix your configuration, and you don't
> need IPTables rules.
Juniper's Junos implementation (which is based on FreeBSD)=20
hasn't been patched
Using firewall filters is the only way to mitigate the=20
vulnerability.
=46or those with Juniper access:
http://kb.juniper.net/InfoCenter/index?page=3Dcontent&id=3DJSA10613&actp=3D=
SUBSCRIPTION
It's not clear when the software patch will be made=20
available.
As it were, ScreenOS and JUNOSe are not affected, as they=20
don't support the MONLIST feature.
Mark.
--nextPart12117619.6CMhi9kxtE
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQIcBAABAgAGBQJTAYkvAAoJEGcZuYTeKm+Gjw8QAME098dFraCYieM7XGC2IkIy
/0yqMIOdEfejciPjlTPPjJLoxVi5/Xtwq2JT8CsfmSAPMIUDX6QOmU7SKnej/qSp
Gp3ALrJYhdjTutMQdZPt+9+gIHSg9cnlYVYeCflLYWoh6PlBYlmg4Q5+046zhEiX
RSEat2Kfz+Yt9WYWMdrvav0vuJHIeWj6vG1MUVTNrM4jpbNbAR6StzpY8gxktmR6
ZiV5bgI1Qd+Z3w8V7TwRmBCz6lIzjOltgoDYHhY/PhBOtVM6yeVxT5Iskb4u5ZIe
H7RJL4B69DQf5QtRBBPWLTBcLy9b/Ujvb0hOeF3w+9vC7M46Jc7LXzxS8bBC/yhP
UC+gsXfyu2kTR5MYaHsv9Umz6Lu+Dqb6hSxzCmstmhCB6lfHiYfZ2YnmDKZwceli
QE4mfqiBshZ330bLLK22FUi5oWJi62w3MhB17wJVr50CMK8QcoqZdfFiJvC2kOCa
TeFAAIFnT7a+rEOGbEpnDkBlHPuwmCUMnpqTMki6vJc06YZVtuX9c106ESYOt/fq
Aqjr/mIJXgQg82iTyyx1A6fCZIShyVP13LN0ti8W15suZ47PQhwR6YaxRY2vOt3Q
T9pRFwH1HgBI+KscWsrfPwqLgpz74RP/LnzBLwsId9ABKFhh/l5GPXAYX0YIP7wG
Ddetv90o6srTAg4B5kJj
=7vAe
-----END PGP SIGNATURE-----
--nextPart12117619.6CMhi9kxtE--
