Mark Parsons
Valued Contributor

ntp

We are currently running servers on HP11.31 with the ntp version running being 4.2.6.5.0.

We have been told by our security group that we should upgrade ntp to 4.2.7p26, the latest version available for hpux being 4.2.6.6.0.

The reason we have been told to upgrade is:

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests. This issue allows an attacker to perform reflection distributed denial of service attacks.

A workaround (due to the correct release not being available [yet]) is to add the following two lines to ntp.conf:

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

Does anybody out there know if this is correct or not, or when the 4.2.7p26 version of ntp will be available for hpux?
Many thanks in advance.
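
Added example (not part of the original post, and not HP or ntp.org code): a shell check that both default restrict entries in an ntp.conf carry noquery, the flag in the two lines above that makes ntpd refuse ntpq and ntpdc queries, monlist being an ntpdc request. The function name check_ntp_noquery and the sample input are constructed. As conservative assumptions, an unqualified "restrict default" is counted as IPv4 only, so a separate -6 line is required as in the post, and every default line for a family must have the flag.

```shell
#!/bin/sh
# check_ntp_noquery [FILE]   (hypothetical helper; reads stdin when FILE is omitted)
# Prints one verdict per address family. Returns 0 only when the IPv4 and the
# IPv6 default restrict entries both exist and each of them has noquery.
check_ntp_noquery() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    $1 != "restrict" { next }
    {
        fam = 4; i = 2                        # assumption: unqualified means IPv4
        if ($i == "-4") i++
        else if ($i == "-6") { fam = 6; i++ }
        addr = $i; mask = ""
        if ($(i+1) == "mask") { mask = $(i+2); i += 2 }
        # an all-zero address with an all-zero mask is the default entry too
        if (addr == "0.0.0.0" && mask == "0.0.0.0") addr = "default"
        if (addr == "::" && mask == "::") { addr = "default"; fam = 6 }
        if (addr != "default") next           # host and subnet entries are ignored
        seen[fam]++
        hit = 0
        for (j = i + 1; j <= NF; j++) if ($j == "noquery") hit = 1
        if (!hit) missing[fam]++
    }
    END {
        rc = 0
        for (f = 4; f <= 6; f += 2) {
            if (!seen[f])        { print "IPv" f ": no default restrict line"; rc = 1 }
            else if (missing[f]) { print "IPv" f ": default entry lacks noquery"; rc = 1 }
            else                   print "IPv" f ": default entry has noquery"
        }
        exit rc
    }' "$@"
}

# Constructed sample: the two workaround lines plus an unrelated host entry.
check_ntp_noquery <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1   # localhost entry, not a default
EOF
```

Run it as `check_ntp_noquery /etc/ntp.conf`; a non-zero exit status means at least one address family still answers queries by default.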

 
