On 29 Jan 2014, at 09:52, John Rowe wrote:
> I've been warned that my SL 5.9 machine is potentially vulnerable to the
> recently announced DOS attack. As far as I can see both my 5.9 and 6x
> machines are running vulnerable versions, am I missing something or are
> we vulnerable?


Have a look at these two pages:
  https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks
  https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2_Configure_Rate_Limiting_Access_to_an_NTP_service.html

I don't know if the fix has been back ported to EL or not (use the test in the first article to check) - if someone has warned you that you are vulnerable, the best option is to rate limit NTP clients.

Even if the fix has been back ported, rate limiting is still a good thing to do.

Regards,
  
Adam Bishop

 gpg: 0x6609D460

Janet, the UK's research and education network.


Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
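
The rate limiting recommended in the reply above can be checked with the following added example, which is not part of the original message. It assumes ntpd's ntp.conf syntax, where the `limited` flag on a `restrict` line turns on rate limiting and `kod` only takes effect alongside it; the function name and sample configurations are constructed for illustration.

```python
# Added example (not from the original message): audit ntp.conf text for
# rate limiting on the default restrict lines. Sample configs are constructed.

SAMPLE_UNLIMITED = """\
# constructed sample: default access rules without rate limiting
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""

SAMPLE_LIMITED = """\
# constructed sample: same rules with rate limiting enabled
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
"""


def audit_rate_limiting(conf_text):
    """Return (line_number, message) findings; an empty list means every
    'restrict default' line is either rate limited or drops all packets."""
    findings = []
    saw_default = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # strip comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args or args[0] != "default":
            continue  # only the catch-all rule matters for unknown clients
        saw_default = True
        flags = set(args[1:])
        if "ignore" in flags:
            continue  # every packet is dropped, nothing to rate limit
        if "limited" not in flags:
            msg = "default restrict line lacks 'limited'"
            if "kod" in flags:
                msg += "; 'kod' does nothing without it"
            findings.append((lineno, msg))
    if not saw_default:
        findings.append((0, "no 'restrict default' line found"))
    return findings


if __name__ == "__main__":
    for name, text in (("unlimited", SAMPLE_UNLIMITED), ("limited", SAMPLE_LIMITED)):
        print(name, audit_rate_limiting(text) or "rate limiting enabled")
```

Pass the contents of `/etc/ntp.conf` to `audit_rate_limiting`; any line it reports needs the `limited` flag added, followed by an ntpd restart.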