Sean,

You should really set up your Firebox to be your NTP time server. Then point
all your internal servers to its private IP address. That way you are not
exposing your entire network and only have to worry about your Firebox being
vulnerable.

Also, it's much better netiquette to point 1 device to a public time server
and serve yourself from your own "time server" than it is to point all your
devices to a public time server.

- David

----- Original Message -----
From: "Sean Martin" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[EMAIL PROTECTED]>
Sent: Thursday, September 27, 2001 5:05 PM
Subject: RE: Known vulnerabilities w/ NTP?


> I did use the ntp service on my Firebox so I think I'm alright. I also only
> allow incoming connections from 3 different time servers and used nat to one
> server. I should be good to go. Thanks for the help.
>
> Regards,
>
> Sean Martin, MCSE
> Network Administrator
> Ribelin Lowell & Company
> Insurance Brokers, Inc.
> 3111 C Street, Suite 300
> Anchorage, Alaska 99503
> Ph: (907) 561-1250
> Fax: (907) 561-4315
> Cell: (907) 229-0885
> Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
> -----Original Message-----
> From: Dean Cunningham [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 27, 2001 3:57 PM
> To: NT System Admin Issues
> Subject: RE: Known vulnerabilities w/ NTP?
>
>
> I know of none for NT.
> I run an NTP service in my DMZ to pull the time off a specific NTP server on
> the net.
> I then allow one NTP server internally to access my DMZ one.
> but, hey, I am paranoid.
> if the firebox has a ntp service available on it from the vendor, use that
> one. It is more likely to be "invulnerable"
>
> regards
> Dean
>
> -----Original Message-----
> From: Sean Martin [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 28 September 2001 11:21 a.m.
> To: NT System Admin Issues
> Subject: Known vulnerabilities w/ NTP?
>
>
> Hey folks,
>
> This may be slightly off-topic, so please accept my apologies.
>
> I was just wondering if you "old-tim...." ummm....."experienced" folks knew
> about any vulnerabilities with opening the NTP service UDP & TCP 123 through
> my firewall to one designated server.
>
> I've found some vulnerabilities listed but they seem to only affect the
> listed platforms below. Any for NT and/or WatchGuard Firebox II?
>
> Hewlett-Packard:
> HP9000 Series 700/800 running HP-UX releases 10.XX and 11.XX.
>
> Red Hat:
> Red Hat Linux 6.2 and earlier (for xntpd).
> Red Hat Linux 7.0 (for ntpd).
>
> NetBSD:
> NetBSD prior to 1.4.
> NetBSD 1.4 and 1.5.
> NetBSD-CURRENT prior to 2001-04-05.
>
> FreeBSD:
> FreeBSD 3.x (all releases).
> FreeBSD 4.x (all releases).
> FreeBSD 3.5-STABLE and 4.2-STABLE prior to the correction date 2001-04-06.
> FreeBSD ports collection prior to the correction date 20001-04-06.
>
> Caldera:
> OpenLinux 2.3 (All packages previous to xntp-3.5.93e-5)
> OpenLinux eServer 2.3.1 and OpenLinux eBuilder (All packages previous to
> xntp-3.5.93e-5)
> OpenLinux eDesktop 2.4 (All packages previous to xntp-4.0.97-2)
>
> Regards,
>
> Sean Martin, MCSE
> DO NOT read, copy or disseminate this communication unless you are the
> intended addressee. This e-mail communication contains confidential and/or
> privileged information intended only for the addressee. If you have received
> this communication in error, please call us immediately at (907) 561-1250
> and ask to speak to the sender of the communication. Also, please e-mail the
> sender and notify the sender immediately that you have received the
> communication in error.
>
> Want to unsub? Do that here:
> http://www.w2knews.com/rd/rd.cfm?id=unsub
> Need a good FAQ? Try this one first:
> http://www.ultratech-llc.com/KB/
> ***************************************************
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***************************************************
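Added example, not part of the thread: a small Python audit of a firewall rule list against the layout David and Dean describe, where one device talks to public time servers and internal hosts use its private address. The addresses, the rule tuple format and the finding names are constructed for illustration and do not represent any WatchGuard configuration format.

```python
import ipaddress

# Constructed topology (assumptions, not taken from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
TIME_GATEWAY = ipaddress.ip_network("10.0.0.1/32")  # firewall's private IP


def is_internal(net):
    """True when the whole network lies inside the internal range."""
    return net.subnet_of(INTERNAL)


def audit(rules):
    """Return (rule_index, finding) pairs for allow rules on port 123."""
    findings = []
    for i, (src, dst, proto, port, action) in enumerate(rules):
        if action != "allow" or port != 123:
            continue
        src_n = ipaddress.ip_network(src)
        dst_n = ipaddress.ip_network(dst)
        if proto == "tcp":
            # NTP is carried over UDP; a TCP/123 allow only widens the rule set.
            findings.append((i, "tcp-123-not-needed"))
        elif not is_internal(src_n) and is_internal(dst_n):
            # An outside host can reach an internal machine's NTP service.
            findings.append((i, "inbound-ntp-to-internal-host"))
        elif (is_internal(src_n) and not is_internal(dst_n)
              and src_n != TIME_GATEWAY):
            # Internal hosts bypass the local time server and go public.
            findings.append((i, "internal-host-direct-to-public"))
    return findings


# Constructed sample rules: (source, destination, protocol, port, action).
SAMPLE_RULES = [
    ("10.0.0.1/32", "192.0.2.10/32", "udp", 123, "allow"),   # gateway -> upstream
    ("10.0.0.0/24", "10.0.0.1/32", "udp", 123, "allow"),     # clients -> gateway
    ("192.0.2.10/32", "10.0.0.20/32", "udp", 123, "allow"),  # inbound to a server
    ("192.0.2.10/32", "10.0.0.20/32", "tcp", 123, "allow"),  # TCP variant
    ("10.0.0.0/24", "0.0.0.0/0", "udp", 123, "allow"),       # everyone -> public
    ("0.0.0.0/0", "10.0.0.20/32", "tcp", 80, "allow"),       # unrelated rule
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLE_RULES):
        print(index, finding, SAMPLE_RULES[index])
```
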