UNS: Re: NTP security hole CVE-2013-5211?
Garrett Wollman
wollman at bimajority.org
Fri Jan 10 03:14:48 UTC 2014
<<On Thu, 09 Jan 2014 21:08:41 +0700, Eugene Grosbein <eugen at grosbein.net> said:
> Other than updating ntpd, you can filter out requests to 'monlist' command
> with 'restrict ... noquery' option that disables some queries for
> the internal ntpd status, including 'monlist'.
For a "pure" client, I would suggest "restrict default ignore" ought
to be the norm. (Followed by entries to unrestrict localhost over v4
and v6.)
-GAWollman
More information about the freebsd-security
mailing list