Hi there

We are still finding some JunOS devices vulnerable in our network to the NTP issue. For devices with an IP address on the loopback this has proven to be just an update to existing firewall filters where we allow the remote NTP servers we query from and include the loopback IP itself.

Most of the remaining devices do not have an IP address on the loopback, which has presented a new challenge we were not expecting. If we apply an updated loopback firewall filter and attempt to filter NTP only to specific sources, it will fail every time if there is no actual IP address on the loopback. Juniper says we must put an IP address on the loopback to work around this issue, so I am wondering what other folks are doing in these specific situations?

There are several options, of which to me the best would be to have Juniper actually fix this issue with a proper NTP implementation.

Thanks for any input

Paul

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp