[ntp:questions] Mitigating the ::1 spoof vulnerability

Marco Marongiu brontolinux at gmail.com
Fri Feb 6 14:30:42 UTC 2015


Hi David, and thanks for answering

On 06/02/15 14:44, David Woolley wrote:
>> Debian Squeeze doesn't have a patched package available in the
>> squeeze-lts series yet. On those clients would a restriction like
>>
>> restrict ::1 ignore
>>
>> mitigate the vulnerability?
>>
> 
> Sounds more like you need to fix the firewall.

That's understood and it's the advised solution. However, for reason I
can't elaborate here, I can't fire up a firewall on every node just for
this. If using restrict ignore would prevent the vulnerability to be
exploited, we'd be fine with that on pre-wheezy nodes.

What do you think?

Ciao
-- bronto




More information about the questions mailing list