[ntp:questions] Mitigating the ::1 spoof vulnerability
Marco Marongiu
brontolinux at gmail.com
Fri Feb 6 14:30:42 UTC 2015
Hi David, and thanks for answering
On 06/02/15 14:44, David Woolley wrote:
>> Debian Squeeze doesn't have a patched package available in the
>> squeeze-lts series yet. On those clients would a restriction like
>>
>> restrict ::1 ignore
>>
>> mitigate the vulnerability?
>>
>
> Sounds more like you need to fix the firewall.
That's understood and it's the advised solution. However, for reason I
can't elaborate here, I can't fire up a firewall on every node just for
this. If using restrict ignore would prevent the vulnerability to be
exploited, we'd be fine with that on pre-wheezy nodes.
What do you think?
Ciao
-- bronto
More information about the questions
mailing list