Date: Tue, 14 Jan 2014 14:11:32 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Garrett Wollman <wollman@bimajority.org> Cc: freebsd-security@freebsd.org, Palle Girgensohn <girgen@FreeBSD.org> Subject: Re: UNS: Re: NTP security hole CVE-2013-5211? Message-ID: <868uuid7y3.fsf@nine.des.no> In-Reply-To: <21199.26019.698585.355699@hergotha.csail.mit.edu> (Garrett Wollman's message of "Thu, 9 Jan 2014 22:14:43 -0500") References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <21199.26019.698585.355699@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman <wollman@bimajority.org> writes: > For a "pure" client, I would suggest "restrict default ignore" ought > to be the norm. (Followed by entries to unrestrict localhost over v4 > and v6.) Pure clients shouldn't use ntpd(8). They should use sntp(8) or a lightweight NTP client like ttsntpd. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?868uuid7y3.fsf>