cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
234
Views
5
Helpful
1
Replies

Denying NTP to the outside on 2620

averheaghe
Level 1
Level 1

In a recent audit this document was referenced;

http://www.kb.cert.org/vuls/id/970472

It is a NTP buffer overflow vulnerability and suggests shuting it down.

Is this a concern, and if so how do I best shut it down?

Thanks,

Andy

1 Reply 1

Danilo Dy
VIP Alumni
VIP Alumni

Hi,

Which system is being audited? Cisco/IOS? IBM/AIX? Linux? Unix?

Was there a vulnerability test perform for the auditor to refer the result to the mentioned link?

The document was publiched 7 years ago, surely it has been rectified by patches.

NTPD is always prone to remote buffer overflow attack because it runs in UDP. However, you can setup your NTP using the following level of security;

- setup one or two systems to sync to NTP outside your network and sync all your devices to these two systems.

- password

- ACL between source/destination

- regularly update/patch

In any auditing, you have to defend the need supported by precautions and by following documented process/standards if the service providing the need has some weaknesses. There is no perfect security, but make sure you are always 1 step ahead.

Regards,

Dandy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: