RE: [nsp] Cisco Security Advisory: NTP vulnerability

From: Damir Rajnovic (gaus@cisco.com)
Date: Fri May 10 2002 - 08:48:08 EDT

Next message: Zhang, Anchi: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Previous message: Damir Rajnovic: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
In reply to: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Next in thread: Cisco Systems Product Security Incident Response Team: "[nsp] Cisco Security Advisory: NTP vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Hi,

At 20:10 08/05/2002 +0200, KF wrote:
>Anyone aware, if ACL specified for NTP service in IOS are overlooked or ?

Do you mean to put an ACL on an interface? It is a valid workaround.
It is mentioned here:

======
Additionally, if you are not using NTP servers external from your network,
you can drop all NTP packets on the network boundary. This can be done by
the ACL as follows:
==

If it is not clear then I will have to update the advisory to make it
more clear.

Gaus
==============
Damir Rajnovic <psirt@cisco.com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt> Telephone: +44 7715 546 033
200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GB, GB
==============
There is no insolvable problems.
The question is can you accept the solution?

Next message: Zhang, Anchi: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Previous message: Damir Rajnovic: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
In reply to: KF: "RE: [nsp] Cisco Security Advisory: NTP vulnerability"
Next in thread: Cisco Systems Product Security Incident Response Team: "[nsp] Cisco Security Advisory: NTP vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:44 EDT