Denying NTP to the outside on 2620

Unanswered Question
Feb 15th, 2008

In a recent audit this document was referenced:

http://www.kb.cert.org/vuls/id/970472

It is an NTP buffer overflow vulnerability and suggests shutting it down.

Is this a concern, and if so how do I best shut it down?

Thanks,

Andy

Danilo Dy Fri, 02/15/2008 - 09:11

Hi,

Which system is being audited? Cisco/IOS? IBM/AIX? Linux? Unix?

Was there a vulnerability test performed for the auditor to refer the result to the mentioned link?

The document was published 7 years ago; surely it has been rectified by patches.

NTPD is always prone to remote buffer overflow attack because it runs in UDP. However, you can set up your NTP using the following levels of security:

- set up one or two systems to sync to NTP outside your network and sync all your devices to these two systems.

- password

- ACL between source/destination

- regularly update/patch

In any auditing, you have to defend the need supported by precautions and by following documented process/standards if the service providing the need has some weaknesses. There is no perfect security, but make sure you are always 1 step ahead.

Regards,

Dandy
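
The measures listed in the answer above, sketched as an IOS configuration for the 2620. This is an added example, not part of the original thread. All addresses, the key number, the key placeholder, the ACL numbers and the interface name are assumptions, and it assumes the outside interface has no inbound ACL yet.

```cisco
! Constructed example; every address, number and name here is an assumption.
! 10.0.0.11 and 10.0.0.12 = the two internal systems that sync to outside NTP
! 192.0.2.10              = the outside NTP source those two systems use
!
! Sync the router only to the internal time sources, with authentication
ntp authentication-key 1 md5 <shared-key-placeholder>
ntp trusted-key 1
ntp authenticate
ntp server 10.0.0.11 key 1
ntp server 10.0.0.12 key 1
!
! Restrict which hosts the router's own NTP process will accept
access-list 10 permit 10.0.0.11
access-list 10 permit 10.0.0.12
access-list 10 deny any
ntp access-group peer 10
!
! Outside interface: allow only upstream replies to the internal time
! servers, drop all other inbound NTP, leave other traffic untouched
access-list 110 permit udp host 192.0.2.10 eq ntp host 10.0.0.11 eq ntp
access-list 110 permit udp host 192.0.2.10 eq ntp host 10.0.0.12 eq ntp
access-list 110 deny udp any any eq ntp
access-list 110 permit ip any any
!
interface Serial0/0
 ip access-group 110 in
 ! Stop the router itself from processing NTP packets received here
 ntp disable
```

After applying it, `show ntp associations` and `show ntp status` confirm the router is still synchronized to the internal sources.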
