Regarding the patch...
...its about time!
Sysadmins rejoice! NSFOCUS researchers say hundreds of thousands of Network Time Protocol (NTP) servers have been patched, reducing the threat from some devastating and cheap distributed denial of service (DDoS) attacks. The patching rampage saw the number of vulnerable NTP servers drop from 432,120 at the start of the year to …
that they have a NTP server running.
Me for example I was not aware that the IPMI interface of my supermicro server at a co-lo had a NTP server running (I knew it had a NTP client). My ISP notified me a few months ago that the IPMI interface participated in a DDOS attack and I shut off the NTP client (and thus server apparently which surprised me).
It is a standalone server, so there is no firewall or anything protecting it. It is a personal server, not a business thing.
Then last week I kicked my IPMI interface offline by upgrading the firmware to fix that security problem (a problem I could not even tell if impacted me the advisory was too vague and there was no changelog information in the firmware update). So some day I'll have to drive out on site again and re-ip the interface. Love that supermicro..... (not for business)