NTP Master problem

mohamed.ali
Level 1

Dears, please, I want your support with this issue.

An NTP control (mode 6) message with the UNSETTRAP (31) opcode with an unknown association identifier will cause NTP to respond with two packets: one error response packet indicating that the association identifier was invalid, followed by another non-error, largely empty response. Because the number of packets sent as the response is greater than the single packet request, this can be used to conduct a DRDoS attack using vulnerable NTP servers as the unwitting third parties.

Apply a restrict option to all hosts that are not authorized to perform NTP queries. For example, to deny query requests from all clients, put the following in the NTP configuration file, typically /etc/ntp.conf, and restart the NTP service:


3 Replies

Hi @mohamed.ali

Which device are we talking about? Switch, router, firewall, etc.?

Looks like someone ran an audit tool and asked you to fix this, right?

-If I helped you somehow, please rate it as useful.-

Exactly, dear.

Please note that it's a core switch, Catalyst 6807.

How can I solve this issue?

Hi,

Are you using the switch as NTP master? If so, then you will need to restrict who can query that switch. Create an access-list with the addresses that are allowed to query time and apply it with ntp access-group serve-only, e.g.

access-list 10 permit 192.168.10.0 0.0.0.255
ntp access-group serve-only 10

You can then create an access-list with deny any and apply it using ntp access-group serve and ntp access-group query-only.

Configure your NTP servers, and you can use ntp access-group peer to restrict the addresses your switch will get time from.

Thanks

John

**Please rate posts you find helpful**
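A complete IOS configuration that puts all four access-group classes John describes together, added here as an illustration; it is not from the original thread and not Cisco documentation. The client subnet 192.168.10.0/24 and ACL 10 are John's; the upstream time sources 10.0.0.1 and 10.0.0.2, ACL numbers 20 and 30, and the ntp master stratum are assumptions for the example.

```cisco
! Upstream time sources this switch may synchronise to (assumed addresses).
! Hosts in the peer class may also send control (mode 6) queries, so keep
! this list to the servers you actually trust.
access-list 30 permit host 10.0.0.1
access-list 30 permit host 10.0.0.2
!
! Clients allowed to ask for time only (mode 3 requests). Control queries
! from these hosts are refused, which is what closes the UNSETTRAP finding.
access-list 10 permit 192.168.10.0 0.0.0.255
!
! Deny-all list for the classes nobody should use. Define it before
! referencing it below: as with other IOS features, a referenced access
! list that does not exist permits everything.
access-list 20 deny any
!
! Time sources (assumed); ntp master only if the switch must keep serving
! its own clock when the upstream servers are unreachable.
ntp server 10.0.0.1
ntp server 10.0.0.2
ntp master 3
!
! peer: sync + control queries, serve: time + control queries,
! serve-only: time requests only, query-only: control queries only.
ntp access-group peer 30
ntp access-group serve 20
ntp access-group serve-only 10
ntp access-group query-only 20
!
! Verification from exec mode:
!   show running-config | include ^ntp|^access-list
!   show ntp status
!   show ntp associations
```

IOS scans the classes in the order peer, serve, serve-only, query-only and applies the first match, so an address in ACL 30 keeps full peer rights regardless of the other lists. To confirm the finding is closed, run a mode 6 query such as ntpq -p against the switch from a host outside both ACL 30 and 192.168.10.0/24; it should time out, while a plain time request (for example ntpdate -q) from inside 192.168.10.0/24 is still answered. If the audit tool scans from an address that happens to be in the peer list, it will still see control responses, so scan from elsewhere.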