16 Feb
2014
16 Feb
'14
10:59 p.m.
On Monday, February 17, 2014 04:38:06 AM Brian Rak wrote:
There is no excuse to still be running a NTP server with monlist enabled. Fix your configuration, and you don't need IPTables rules.
Juniper's Junos implementation (which is based on FreeBSD) hasn't been patched Using firewall filters is the only way to mitigate the vulnerability. For those with Juniper access: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613&actp=SUBSCRIPTION It's not clear when the software patch will be made available. As it were, ScreenOS and JUNOSe are not affected, as they don't support the MONLIST feature. Mark.