[c-nsp] Problem encountered while securing NTP
Kevin Graham
kgraham at industrial-marshmallow.com
Tue Oct 6 19:54:43 EDT 2009
> The problem I'm running into today is that the 'access-group peer' statements on
> the NTP servers are matching local clients with ACL 6 as well as configured
> stratum-1 peers (successfully matching the peers at that). The local clients
> should be matched with the 'access-group serve-only' ACL 6, but for some reason
> they are not.
CSCsw79186. Its broken more than the bug suggests; both v3 and v4 clients are
get applied only to the 'peer' access-group. I had meant to bring this to
PSIRT's attention when the advisory went out, but got distracted by something
shiny.
More information about the cisco-nsp
mailing list