1748028 Members
4928 Online
108757 Solutions
New Discussion

Re: ntp

 
Mark Parsons
Valued Contributor

ntp

We are currently running servers on HP11.31 with the ntp version running being 4.2.6.5.0.

We have been told by our security group that we should upgrade ntp to 4.2.7p26. The latest version available for hpux being 4.2.6.6.0.

The reason we have been told to upgrade is:

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests. This issue allows an attacker to perform reflection distributed denial of service attacks.

As a workaround (due to the correct release not being available [yet]) is to add the following two lines to ntp.conf:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

Does anybody out there know if this is correct or not or when the 4.2.7p26 version of ntp will be available for hpux.
Many thanks in advance.

 

3 REPLIES 3
Ajin_1
Valued Contributor

Re: ntp

The latest version below

 

Release date

NTPv4 HP-UX 11i v3 C.4.2.6.6.0 May 2015

Thanks & Regards
Ajin.S
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Mark Parsons
Valued Contributor

Re: ntp

That is the version we have currently loaded!

Mark Parsons
Valued Contributor

Re: ntp

It seemed a bit silly to go from 4.2.6.5 to 4.2.6.6 but I did it anyway.