Last night, I shut down my NTP4.2.x servers until I can upgrade them.
The server that I have in the pool is running totally custom code -- it
will be interesting to see if the load on that goes up as other servers
get shut down.
I also started to capture NTP packets that were inbound to all the
systems that used to run NTP -- these were accessible from the Internet.
Happily I have seen no evidence of scanning activity. While this doesn't
mean that nobody is scanning (and I do know at least one organization
scanning for NTP), nobody is scanning at a high rate. Given the claims
that these bugs are already being exploited, this probably means that
they are being used in a targeted manner.
There appear to be >3 million exposed NTP servers on the internet.
Philip
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
