[c-nsp] Use NTP server for syncing but do not respond to NTP requests
Mark Tinka
mark.tinka at seacom.mu
Sat Mar 22 10:55:58 EDT 2014
On Saturday, March 22, 2014 04:35:55 PM Drew Weaver wrote:
> I just applied an ACL to the ntp command and that fixed
> it, but you have to wonder why configuring an IOS device
> to synchronize with an external source would explicitly
> mean that you also want that IOS device to also be a
> clock source itself.
>
> That seems like a mistake given the current climate we
> are in (amp attacks)...
Juniper have the same issue. NTP client configurations turns
on NTP server mode as well.
Control plane filters are the only way to keep the server
side of the implementation inaccessible to anyone.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20140322/a827f6c1/attachment-0001.sig>
More information about the cisco-nsp
mailing list