"Harlan Stenn" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >>>> In article <[EMAIL PROTECTED]>, "Maarten Wiltink" <[EMAIL PROTECTED]> writes:
>>> All right, there are, or were, fifteen reported exploits. None is >>> dated more recently than 2004 and some seem to be complaining about >>> ten year old software distributed by companies such as Sun, Redhat, >>> Debian, etc. > > Maarten> Still distributed right now, yes. For all those people who > Maarten> aren't allowed to run something not backed by RFCs, and then > Maarten> come here with questions about something called xntp. Sound > Maarten> familiar? > > What's your point? I don't see how what you just said applies to the > thread. I object to Richard's statement that old vulnerabilities are irrelevant and no cause for concern. More than most other software, NTP is haunted by users of old versions. > Maarten> I will work on the assumption that there are exploits in the > Maarten> current NTP until you _prove_ to me it's safe, and I'm not > Maarten> holding my breath. > > Are you volunteering to perform or pay for a code audit? Don't be silly. I'll just teach my firewall to block access from untrusted sources to my NTP server, as I do for every service on every host. Richard says not to worry, there are no recent vulnerabilities known. I say never to stop worrying, there are too many unknowns. Groetjes, Maarten Wiltink _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
