Hi Guru
I need to know which version of NTP is install in Solaris 10 box. How can I check it.
IF NTP 3 in implemented then somebody told me implement NTP 4 due to security reasons, for that I have to tell what are the vulnerabilities present in NTP 3 to higher authorities. I could not able to get vulnerabilities present in NTP 3 through google. Kindly help me in this regard
Regards
The time on your systems could be subverted a causing denial attack.
Whch ever version of NTP you are using if you are in control of your NTP server you can make your NTP system use an encryption key, according to this page:
http://www.eecis.udel.edu/~mills/ntp/html/keygen.html
what they are proposing requires NTPv4 to be used.
This:
ConfiguringAutokey < Support < NTP
may help in setting this up.
and this page:
http://support.ntp.org/bin/view/Main/SecurityNotice
carries security notices relating to NTP.
Solaris Version 9 (SunOS 5.9) and earlier have the xntpd version 3 protocol see RFC 1305.., The most current protocol is version 4 - only RFC 2030 exists now for it. This is not complete.
Read your man page - it tells you the default protocol for xntpd (NTP)
I am not aware of specific problems. Go to the ntp website and search in reports there.
ntp.org: Home of the Network Time Protocol
---------- Post updated at 14:36 ---------- Previous update was at 14:35 ----------
Tony -
do you have a link for the denial of service attack warning?
No, it is something I was aware of at the back of my mind, could well only apply to earlier NTP protocols, I did a lot of work with NTP and a time receiver back in 1999...
thanks for your inputs Guys, its a great knowledge sharing on NTP
Keep it up
Thanks for the kind Inputs....gurus. Its helped me a lots