Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1157
Views
5
Helpful
1
Replies

NTP attack?

astefanova
Level 1
Level 1

‎08-20-2009 12:55 AM - edited ‎03-04-2019 05:47 AM

Hi Guys,

Would you please help with this logs:

Aug 20 11:49:02.242: NTP Core (NOTICE): ntp_receive: dropping message: unsynch.

Aug 20 11:49:19.170: NTP Core (NOTICE): ntp_receive: dropping message: unsynch.

The device is a NTP master for the network. Is there an NTP atack going on?

Regards,

Labels:
0 Helpful
1 Reply 1

slmansfield
Level 4
Level 4

‎08-20-2009 08:31 AM

I don't think so. There are a number of reasons why NTP synchronization is failing.

If your Cisco device is configured as the NTP MASTER, it will override a valid time source. Configuring multiple machines in the same network with the ntp master command can cause instability in timekeeping if the machines do not agree on the time.

You might consider configuring your "master" with an NTP server that is on the Internet. Cisco devices are not really meant to be authoritative time sources.

You might also check authentication if you're using it, and any NTP access-list entries to ensure that they are correct. Also, any firewalls between your NTP server and other devices should allow UDP port 123 in both directions.

Here is a URL that provides details on how to configure NTP. I find that many problems can be traced to configuration errors.

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001202

HTH

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card