RE: [nsp] Cisco Security Advisory: NTP vulnerability

From: KF (kf@reign.sk)
Date: Fri May 10 2002 - 09:02:59 EDT


Nono...

I was thinking of using access list for NTP daemon e.g. ntp access-group server 99.....

or?

cheers

alex

>
> Hi,
>
> At 20:10 08/05/2002 +0200, KF wrote:
> >Anyone aware, if ACL specified for NTP service in IOS are
> overlooked or ?
>
> Do you mean to put an ACL on an interface? It is a valid workaround.
> It is mentioned here:
>
> ======
> Additionally, if you are not using NTP servers external from
> your network,
> you can drop all NTP packets on the network boundary. This
> can be done by
> the ACL as follows:
> ==
>
> If it is not clear then I will have to update the advisory to make it
> more clear.
>
> Gaus
> ==============
> Damir Rajnovic <psirt@cisco.com>, PSIRT Incident Manager,
> Cisco Systems
> <http://www.cisco.com/go/psirt> Telephone: +44 7715 546 033
> 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
> ==============
> There is no insolvable problems.
> The question is can you accept the solution?
>
>
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:56 EDT