On 06/02/15 12:17, Marco Marongiu wrote:
I'm referring to this one in particular: "::1 can be spoofed on some
OSes, so ACLs based on IPv6 ::1 addresses can be bypassed".
Debian Squeeze doesn't have a patched package available in the
squeeze-lts series yet. On those clients would a restriction like
restrict ::1 ignore
mitigate the vulnerability?
Sounds more like you need to fix the firewall. Firewalls should not
allow incoming source address 127.0.0.1 and internet level firewalls
should not allow private use only source addresses.
_______________________________________________
questions mailing list
[email protected]
http://lists.ntp.org/listinfo/questions
