Date: Thu, 9 Jan 2014 22:14:43 -0500 From: Garrett Wollman <wollman@bimajority.org> To: Eugene Grosbein <eugen@grosbein.net> Cc: freebsd-security@freebsd.org, Palle Girgensohn <girgen@FreeBSD.org> Subject: UNS: Re: NTP security hole CVE-2013-5211? Message-ID: <21199.26019.698585.355699@hergotha.csail.mit.edu> In-Reply-To: <52CEAD69.6090000@grosbein.net> References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Thu, 09 Jan 2014 21:08:41 +0700, Eugene Grosbein <eugen@grosbein.net> said: > Other than updating ntpd, you can filter out requests to 'monlist' command > with 'restrict ... noquery' option that disables some queries for > the internal ntpd status, including 'monlist'. For a "pure" client, I would suggest "restrict default ignore" ought to be the norm. (Followed by entries to unrestrict localhost over v4 and v6.) -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21199.26019.698585.355699>