RE: [nsp] Cisco Security Advisory: NTP vulnerability

From: Damir Rajnovic (gaus@cisco.com)
Date: Fri May 10 2002 - 09:13:08 EDT

Next message: Zhang, Anchi: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Previous message: Damir Rajnovic: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
In reply to: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Next in thread: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Reply: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Reply: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

At 15:02 10/05/2002 +0200, KF wrote:
>I was thinking of using access list for NTP daemon e.g. ntp access-group server 99.....

You can use ntp access-group server but only to mitigate the exposure.
All you need to do is to spoof the right source IP. This will allow
the execution of control packets so you are still exposed.

Gaus

==============
Damir Rajnovic <psirt@cisco.com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt> Telephone: +44 7715 546 033
200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
==============
There is no insolvable problems.
The question is can you accept the solution?

Next message: Zhang, Anchi: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Previous message: Damir Rajnovic: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
In reply to: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Next in thread: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Reply: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Reply: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:56 EDT