David Talkington wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> I have just heard from one person here at UI who says the published
> exploit successfully crashed xntpd 3-5.93e on his Linux workstation.
>

I am unable to tell from the Bugtraq message how this is exploited.  I
have our xntp server behind a masquerading firewall and as a result it is
in a private IP address space.  Am I correct in assuming that the
exploit would look like someone trying to get the time from my machine?
If this is the case I should be ok, right?

FYI - I had a couple of other firewall machines on the other end of ssh
based vpns from our primary office firewall that were directly connected
to the internet and used to go after the time directly to nearby ntp
server but I reconfiged them to go to our office timeserver and then
added firewall rules blocking port 123 (both tcp and udp) from the
exposed port.  ntpdate calls to the machines now fail but the remote
firewalls are synced to the office.  Seems to work pretty well.  I also
blocked 123 on the exposed interface from our firewall and since the
masqed connection from inside uses one of the really high ports
everything seems to work.

If someone sees an error in this setup I would appreciate some
feedback.  Otherwise I am feeling pretty good about right now.
BTW I have not seen an attempt against port 123 on any of the three
firewalls yet.  Anyone else?

Bret




_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
