On Sunday, July 12, 2015, Alistair Mackenzie <magicsata@gmail.com> wrote:
I’m currently running a scan of the internet and querying NTP versions.
I’ll publish the results of it on Github and mail them in here :)
Please don't. Please see http://openntpproject.org/
On 12/07/2015 15:15, "NANOG on behalf of Mike O'Connor" < nanog-bounces@nanog.org <javascript:;> on behalf of mjo@dojo.mi.org <javascript:;>> wrote:
:Thanks, and I'm kinda stunned that folks are running such ancient :versions of NTP.
I suggest you get accustomed to being stunned.
:https://support.ntp.org/bin/view/Dev/ReleaseTimeline : :4.2.0 was EOL'd in June of 2006, and we've fixed about 3,000 issues in :the codebase since then.
4.2.0 may have been EOL'd in 2006, but it was still shipping as the default in FreeBSD until 2009.
Out of those 3000 issues, only a tiny fraction are security-related that would apply to JunOS. I expect that they backport security and other fixes as necessary, until some bigger engineering effort and|or headache calls for a forklift/mass upgrade of things.
-- Michael J. O'Connor mjo@dojo.mi.org <javascript:;>
=--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"Fire me, boy!" -The Human Bullet