[c-nsp] Use NTP server for syncing but do not respond to NTP requests

Drew Weaver drew.weaver at thenap.com
Sat Mar 22 10:35:55 EDT 2014


Yeah,

I just applied an ACL to the ntp command and that fixed it, but you have to wonder why configuring an IOS device to synchronize with an external source would explicitly mean that you also want that IOS device to be a clock source itself.

That seems like a mistake given the current climate we are in (amp attacks)...

-Drew

-----Original Message-----
From: Tom Storey [mailto:tom at snnap.net] 
Sent: Saturday, March 22, 2014 10:31 AM
To: Drew Weaver
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Use NTP server for syncing but do not respond to NTP requests

Control plane policy perhaps? Block inbound NTP packets that aren't from desired sources (i.e. your upstream clocks.)

On 22 March 2014 14:04, Drew Weaver <drew.weaver at thenap.com> wrote:
> Hello all,
>
> Can anyone tell me how to configure IOS to use an NTP server for syncing the clock but not respond to NTP requests from random clients?
>
> So far I have tried ntp server (ip address) and ntp peer (ip address); they all seem to turn the device in question into an NTP server (which I don't want).
>
> Thanks,
> -Drew
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
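
The two approaches mentioned in this thread (an ACL on the ntp command, and a control plane policy), written out as an added example that is not part of the original messages. The addresses 192.0.2.10 and 192.0.2.11, the ACL numbers and the names COPP-NTP-UNTRUSTED and COPP-IN are constructed placeholders, and whether a plain "drop" action is accepted in a control-plane policy depends on platform and release.

```cisco
! Constructed example: 192.0.2.10 and 192.0.2.11 stand in for the upstream clocks.
ntp server 192.0.2.10
ntp server 192.0.2.11
!
! --- Approach 1: ACLs on the NTP process itself ---
access-list 10 remark upstream clocks this device may synchronize to
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
access-list 10 deny   any
access-list 20 remark nobody else gets NTP service
access-list 20 deny   any
!
! peer: the only access type that lets this device sync to the remote system
ntp access-group peer 10
! No other source is granted serve, serve-only or query-only access,
! so time requests and control queries from random clients go unanswered.
ntp access-group serve 20
ntp access-group serve-only 20
ntp access-group query-only 20
!
! --- Approach 2: control plane policy (drop NTP before it reaches the process) ---
ip access-list extended COPP-NTP-UNTRUSTED
 remark deny = exempt from this class, permit = matched and dropped
 deny   udp host 192.0.2.10 any eq ntp
 deny   udp host 192.0.2.11 any eq ntp
 permit udp any any eq ntp
!
class-map match-all COPP-NTP-UNTRUSTED
 match access-group name COPP-NTP-UNTRUSTED
!
policy-map COPP-IN
 class COPP-NTP-UNTRUSTED
  drop
!
control-plane
 service-policy input COPP-IN
```

After applying either approach, "show ntp associations" should still list the upstream servers as reachable, and "show access-lists" or "show policy-map control-plane" shows the hit counters for traffic being refused.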


