Dear Juniper,

Please tell me you didn't actually do this. Please tell me that I'm just missing something, and that you would never do something so insane.

Did you guys REALLY ship code that automatically enables an NTP server that responds to the world, with no authentication or options to restrict access or commands, whenever someone configures the router to be an NTP client? Because that's sure what it looks like.

The documentation on the subject is interesting too:

http://www.juniper.net/techpubs/en_US/junos13.1/topics/task/configuration/network-time-protocol-time-server-time-services-configuring.html

Configuring the Router or Switch to Operate in Client Mode:

* Do something

Configuring the Router or Switch to Operate in Server Mode:

* Do the exact same thing

Sigh... I'd be more disappointed, but hey it doesn't crash anything when someone uses your routers as an NTP reflection attack amplifier, so I suppose you can at least be proud of that.

For anyone who doesn't know what I'm talking about, you might want to read:

http://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks
https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300

And then start making sure UDP/123 is blocked in your lo0 firewall filters.

-- 
Richard A Steenbergen <r...@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
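
An lo0 filter of the kind the message recommends, written here as an added example that is not part of the original post or of Juniper's documentation. The filter name `protect-re`, the prefix-list name `ntp-servers` and the address 192.0.2.10 are placeholders; substitute the upstream NTP servers the router is actually configured to use.

```junos
# Constructed example: allow NTP only to/from the configured upstream servers.
# 192.0.2.10 is a documentation address standing in for a real NTP server.
set policy-options prefix-list ntp-servers 192.0.2.10/32

# Term 1: accept UDP/123 when the peer is one of the listed servers,
# so the router keeps working as an NTP client.
set firewall family inet filter protect-re term ntp-from-servers from source-prefix-list ntp-servers
set firewall family inet filter protect-re term ntp-from-servers from protocol udp
set firewall family inet filter protect-re term ntp-from-servers from port ntp
set firewall family inet filter protect-re term ntp-from-servers then accept

# Term 2: silently drop every other UDP/123 packet addressed to the
# routing engine, so it cannot be used as a reflector.
set firewall family inet filter protect-re term ntp-drop from protocol udp
set firewall family inet filter protect-re term ntp-drop from port ntp
set firewall family inet filter protect-re term ntp-drop then discard

# Term 3: Junos filters end with an implicit discard. This catch-all keeps
# the example limited to NTP; a production lo0 filter would instead list
# the other permitted control-plane protocols explicitly.
set firewall family inet filter protect-re term everything-else then accept

# Apply the filter to traffic destined to the routing engine.
set interfaces lo0 unit 0 family inet filter input protect-re
```

If lo0 already has an input filter, add the two NTP terms to that filter ahead of any broader accept term rather than attaching a second filter.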