Kyle D. Harris
Regular Advisor

System Clock Vulnerability

Hello all-
I am trying to synchronize my systems' clocks with a Straus 2 server that is near me (U of Georgia). It is an easy fix but I get this error:

"Could not establish connection. Either 209.195.3.50 is not availiable or firewall settings on your computer are blocking NTP connections"

I'm pretty sure it's the firewall. Which goes to my next question: how do I make it so the NTP connections don't get blocked? Thanks!

Kyle
RAC_1
Honored Contributor

Re: System Clock Vulnerability

Check that the port required for NTP is open.

Contact your firewall administrator.

NTP uses port 123.

(Check /etc/services file)
There is no substitute to HARDWORK
A. Clay Stephenson
Acclaimed Contributor

Re: System Clock Vulnerability

Open up udp port 123. NTP is not considered to be a significant vulnerability.
If it ain't broke, I can fix that.
Paula J Frazer-Campbell
Honored Contributor

Re: System Clock Vulnerability

Hi

Try a traceroute to 209.195.3.50 and see where it stops.


Paula
If you can spell SysAdmin then you is one - anon
Kyle D. Harris
Regular Advisor

Re: System Clock Vulnerability

The Port was open. NTP was listed as a "Medium Risk" on my Vulnerability sheet I got.
Jeff Schussele
Honored Contributor

Re: System Clock Vulnerability

Hi Kyle,

1) Verify the 123/UDP is open in *both* directions.
2) Verify that your host is allowed to connect to the UofG server.
3) Run netstat -an | grep 123 & make sure you have a line like
udp 0 0 *.123 *.*

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Kyle D. Harris
Regular Advisor

Re: System Clock Vulnerability

What did you mean make sure the port is open in "both" directions??

The traceroute stopped at 30 by the way.
Jeff Schussele
Honored Contributor

Re: System Clock Vulnerability

By both directions I mean that 123/UDP traffic is allowed out as well as in through the firewall.

And by stopped at 30 do you mean it made 30 hops & then stopped?

If so you have a router out there that's sending you on a bad route. 30 hops is the max allowed for TCP connections.

Are there a bunch that are all the same or a loop i.e. goes to router A & to router B & back to A & back to B & on & on? Then that's the problem.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
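The "both directions" check described in the reply above can be tested end to end with a single client-mode NTP packet. The following is an added example, not part of the original thread: `build_request`, `parse_response`, `probe` and `SAMPLE_REPLY` are names chosen for this sketch, and the sample reply is constructed, not captured traffic.

```python
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Decode the header fields that matter for a reachability check."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,   # 4 = server reply
        "stratum": stratum,    # 0 = kiss-o'-death, 1-15 = synchronized
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def probe(server, timeout=5.0):
    """Send one request and report whether a reply made it back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (server, NTP_PORT))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no reply: request or response dropped (check 123/UDP both ways)"
        except OSError as exc:
            return "send failed locally: %s" % exc
    r = parse_response(data)
    if r["mode"] != 4 or not 1 <= r["stratum"] <= 15:
        return "reply received but server not usable: %r" % r
    return "ok: stratum %d, server time %.3f" % (r["stratum"], r["unix_time"])

# Constructed sample reply (not captured traffic): LI=0, VN=3, Mode=4, stratum 2
SAMPLE_REPLY = bytes([0x1C, 2]) + bytes(38) + struct.pack("!II", NTP_EPOCH_OFFSET + 1000, 0x80000000)

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

A timeout alone does not say which direction is filtered; pairing the probe with a packet capture on the firewall's outside interface shows whether the request left and whether a reply came back.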
Kyle D. Harris
Regular Advisor

Re: System Clock Vulnerability

Yes, to 30, then the prompt came back up.