Showing results for 
Search instead for 
Did you mean: 


Effect of using "ntp allow mode control 0"?

I am attempting to mitigate the issues surrounding bug report CSCum44673.  According to the software release notes found here, I need to ensure that all of my routers are on IOS version 15.2(2) or newer.  I also believe I need to include the statement "ntp allow mode control 3" on each of them. 


So far I've verified that all of my routers are on newer software versions than that.  What I am confused about is that many of them include the statement, "ntp allow mode control 0".  I was under the impression that the only allowed values were from 3 - 15.  I was also under the impression that a value of 3 was the default value.


What is the effect of using a 0 for the value? 


Does this effectively mean that rate limiting of ntp queries is turned off and that the router is still vulnerable to the potential DoS attack described in that bug report? 


Is this command only useful if the router is setup as an ntp master ("ntp master 3" for example in the config)? 


If it is only configured to synchronize with an ntp server located elsewhere ("ntp server x.x.x.x" in the config) does this command have any use?


Thanks for any clarification.

Everyone's tags (2)
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards