[pkg-ntp-maintainers] Bug#813132: ntp: provide configuration/system integration to use dedicated/firewalled IPv6 addresses for NTP clients
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jan 29 17:14:27 UTC 2016
Package: ntp
Severity: wishlist
X-Debbugs-Cc: hazel at meddlingmojo.com
Control: subscribe -1
Hi Debian NTP maintainers--
Over on oss-security, it's been announced that some operators of IPv6
servers in the NTP pool who are using their position in the pool to
probe active IPv6 addresses.
One participant in the discussion proposed a mitigation technique where
NTP IPv6 clients could just allocate a dedicated IPv6 address that would
be otherwise firewalled and used only for NTP.
I think the mitigation proposal (included in full below) is actually
quite a nice idea, and something ideally suited for O/S distributions.
Is this something we could integrate into one of the debian packages
somehow?
You can see the message in context at:
http://openwall.com/lists/oss-security/2016/01/29/4
Regards,
--dkg
-------------- next part --------------
An embedded message was scrubbed...
From: Hazel <hazel at meddlingmojo.com>
Subject: Re: [oss-security] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes
Date: Fri, 29 Jan 2016 14:21:01 +0000
Size: 2645
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20160129/c563d6a3/attachment.mht>
More information about the pkg-ntp-maintainers
mailing list