Le 2014/02/13 11:35 +0100, Bob Friesenhahn a écrit:
On Wed, 12 Feb 2014, Saso Kiselkov wrote:
Prudent advice, yes, but I can't think of any situation where an openly
accessible NTP service on an Internet-facing machine that isn't
*specifically* configured to be an NTP server isn't a case of bad
On Wed, 12 Feb 2014, Saso Kiselkov wrote:
What services was the system providing? Was NTP one of them? If not,
then why were you not running ipf? Always use layered defenses, minimize
attack surfaces and don't assume services are configured properly out of
the box, or that they are without bugs.
On 2/12/14, 5:35 PM, Bob Friesenhahn wrote:
> On Wed, 12 Feb 2014, Saso Kiselkov wrote:
>>
>> Prudent advice, yes, but I can't think of any situation where an openly
>> accessible NTP service on an Internet-facing machine that isn't
>> *specifically* configured to be an NTP server isn't a case of b
On Wed, 12 Feb 2014, Saso Kiselkov wrote:
Prudent advice, yes, but I can't think of any situation where an openly
accessible NTP service on an Internet-facing machine that isn't
*specifically* configured to be an NTP server isn't a case of bad admin
negligence. *All* Internet-facing machines sho
In message <20140212154040.ga10...@mail.messagingengine.com>, Gary Mills writes
:
>4.2.7p411, which I assume is not vulnerable. My Solaris 11.1 desktop
>only runs version 4.2.5p200, putting it behind the OI version. It
>likely is vulnerable.
Oracle's Solaris support repo is serving:
pkg://solari
On Wed, Feb 12, 2014 at 02:48:20PM +, Saso Kiselkov wrote:
> On 2/12/14, 2:43 PM, Gary Mills wrote:
> > For those who haven't already heard about this NTP exploit, it begins
> > with a single UDP packet sent to a computer running the NTP service.
> > With the default configuration, a monlist qu
On 2/12/14, 2:43 PM, Gary Mills wrote:
> For those who haven't already heard about this NTP exploit, it begins
> with a single UDP packet sent to a computer running the NTP service.
> With the default configuration, a monlist query will result in many
> packets being returned to the source of the q
For those who haven't already heard about this NTP exploit, it begins
with a single UDP packet sent to a computer running the NTP service.
With the default configuration, a monlist query will result in many
packets being returned to the source of the query. All it takes is a
spoofed source address