So an ntpd "client" is safe from a malicious server? If so then I will re-enable adding servers to the pool.
I'd like to put a post on the ntppool news site so anything you can add about what the exposure is would be helpful. It sounds like disabling crypto config and restricting "query" to networks that are safe with appropriate firewall rules mitigates the issues, is that correct? Ask > On Dec 21, 2014, at 22:45, Harlan Stenn <[email protected]> wrote: > > If you have been following BCP and only allow 'query' from trusted hosts > you are protected from these attacks. > > Sorry I'm not writing more about this. I have a HUGE amount of work to > do still that is arguably more important than providing supporting > information to that statement. But anybody who gives a little thought > to what is going on with these announced problems will see why the above > is true. > -- > Harlan Stenn <[email protected]> > http://networktimefoundation.org - be a member! > > > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
