Date: Wed, 24 Dec 2014 12:31:03 -0500 From: Garrett Wollman <wollman@bimajority.org> To: Glen Barber <gjb@FreeBSD.org> Cc: freebsd-security@freebsd.org, Andrei <az@azsupport.com> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:31.ntp Message-ID: <21658.63575.447695.575072@hergotha.csail.mit.edu> In-Reply-To: <20141224171203.GF40485@hub.FreeBSD.org> References: <20141223233310.098C54BB6@nine.des.no> <20141224174216.6fd47466@azsupport.com> <20141224171203.GF40485@hub.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 24 Dec 2014 17:12:04 +0000, Glen Barber <gjb@FreeBSD.org> said: > On Wed, Dec 24, 2014 at 05:42:16PM +0100, Andrei wrote: >> On Wed, 24 Dec 2014 00:33:09 +0100 (CET) >> FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: >> > ports, namely tcp/123 and udp/123 when it is not clear that all >> > systems have been patched or have ntpd(8) stopped. >> >> Why tcp/123? >> > gjb@nucleus:~ % grep -i ^ntp /etc/services > ntp 123/tcp #Network Time Protocol > ntp 123/udp #Network Time Protocol It's IANA's policy to reserve the ports for both TCP and UDP. NTP does not use TCP, nor has it ever done so. It's highly unlikely that it ever will. You might as well tell people to firewall 123/sctp as well; it will have just as much effect. -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21658.63575.447695.575072>