NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to use in a distributed denial-of-service (DDoS) attack. Please also take this opportunity to defeat denial-of-service attacks by implementing ingress and Egress filtering through BCP38.See NMEARefclockUsersDev for discussion of this topic.
A new set of mode 6 vulnerabilities has been discovered and, while these vulnerabilities can be reduced by making sure you have
restrict default … noqueryin your
ntp.conffile, the best and most complete way to avoid these vulnerabilities is to install and deploy
ntp-4.2.8which was released on 18 December 2014.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.