Denying NTP to the outside on 2620

In a recent audit this document was referenced;

http://www.kb.cert.org/vuls/id/970472

It is an NTP buffer overflow vulnerability and suggests shutting it down.

Is this a concern, and if so how do I best shut it down?

Thanks,

Andy

1 REPLY

Re: Denying NTP to the outside on 2620

Hi,

Which system is being audited? Cisco/IOS? IBM/AIX? Linux? Unix?

Was there a vulnerability test performed for the auditor to refer the result to the mentioned link?

The document was published 7 years ago, surely it has been rectified by patches.

NTPD is always prone to remote buffer overflow attacks because it runs over UDP. However, you can set up your NTP using the following levels of security:

- set up one or two systems to sync to NTP outside your network and sync all your devices to these two systems.

- password

- ACL between source/destination

- regularly update/patch

In any auditing, you have to defend the need supported by precautions and by following documented process/standards if the service providing the need has some weaknesses. There is no perfect security, but make sure you are always 1 step ahead.

Regards,

Dandy

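As an added example (not part of either post), this is how the reply's measures of designated internal time sources, NTP authentication, and source/destination ACLs map onto IOS configuration on a router such as the 2620. The addresses, ACL numbers, interface name and key are constructed placeholders.

```cisco
! Constructed example: replace addresses, ACL numbers, interface and key for your network.
!
! 1) Sync only to the two designated internal time servers (they sync to the outside),
!    and require authenticated responses from them.
ntp authenticate
ntp authentication-key 1 md5 EXAMPLE-KEY-REPLACE-ME
ntp trusted-key 1
ntp server 192.0.2.10 key 1 prefer
ntp server 192.0.2.11 key 1
!
! 2) ACL between source/destination: once any ntp access-group is configured,
!    a source that matches no group is refused. Only the two internal servers
!    may act as peers; inside clients may only request time (serve-only).
access-list 10 permit host 192.0.2.10
access-list 10 permit host 192.0.2.11
ntp access-group peer 10
access-list 11 permit 192.168.1.0 0.0.0.255
ntp access-group serve-only 11
!
! 3) Stop listening for NTP on the outside interface entirely.
interface Serial0/0
 description Outside / ISP
 ntp disable
!
! 4) Defence in depth: drop inbound NTP at the edge so the packets never reach
!    the NTP process. Patching the IOS image itself is not a config line, but
!    it is the fourth item in the reply's list.
access-list 101 deny   udp any any eq ntp
access-list 101 permit ip any any
interface Serial0/0
 ip access-group 101 in
```

Verify the result with `show ntp associations` (the two internal servers should show as authenticated and reachable) and `show ntp status` before closing the audit finding.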