
Security Update: NTP Vulnerabilities – 5 January 2015

July 11, 2017 by Editorial Staff

The NTP project (ntp.org) recently reported that current versions of the NTP distribution contain a number of security-related issues. It reports that all NTP 4.x.x versions are affected. The vulnerabilities are identified by the following CVE-IDs: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296.

The specified vulnerabilities relate to the use of mode 6 and mode 7 packets and also the NTP ‘AutoKey’ feature.

NTP Mode 6 and Mode 7 Packet Vulnerabilities

A number of the reported issues are related to mode 6 and mode 7 packets. These vulnerabilities are only exploitable if an NTP server is allowed to respond to mode 6 and mode 7 packets from untrusted IP addresses.

TimeTools NTP servers can be configured to restrict the use of mode 6 and mode 7 packets by specifying the ‘restrict’ command in the device’s “Edit NTP Configuration” web page.

Log into the device’s web configuration pages using a web browser and select the NTP button to go to the ‘NTP Configuration Menu’. Then select the ‘Edit NTP Configuration’ button to go to the ‘Edit Additional NTP Options’ page. Here you can enter the restrict command in the format below:


# NTP Additional Configuration File
#
# Add any further NTP configuration parameters here.
#
#
restrict default kod nomodify notrap nopeer noquery limited


When the restrict command has been added to the configuration file, save the file by clicking the ‘Save File’ button. The ‘NTP Configuration Menu’ will now be re-displayed. The NTP service must now be restarted for the changes to take effect; do this by clicking the ‘Submit’ button.

Check the log messages for any configuration errors to ensure that the command has been accepted by the NTP service and not mistyped. NTP only reports errors, so if no errors are reported for the modified configuration, it has been accepted.

After restarting the NTP service, it will take 15 to 20 minutes for NTP to restart and re-synchronize itself to the configured reference clocks.

AutoKey Vulnerabilities

Additional NTP vulnerabilities are related to the NTP AutoKey feature. This feature has been found to contain a number of security issues and is not recommended as a secure way of providing network time synchronization services.

TimeTools NTP servers do not utilise the NTP AutoKey feature by default. This feature can only be enabled by editing the device’s NTP configuration file manually, using the “Edit NTP Configuration” web page. We therefore recommend that anyone who has manually added the AutoKey feature to the NTP configuration file remove it.
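
The two configuration checks described above (a default restrict line that carries noquery, and no AutoKey directives) can be run over configuration text before it is saved. The following is an added example, not TimeTools or NTP project code; the function name, the sample configurations and the 192.0.2.x addresses are constructed for illustration, and the input is assumed to be in standard ntp.conf syntax.

```python
ASSOC_CMDS = {"server", "peer", "pool", "broadcast", "manycastclient"}

def audit_ntp_conf(text):
    """Return (line_no, message) findings for ntp.conf-style text."""
    findings, default_seen = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if not tokens:
            continue
        cmd, args = tokens[0].lower(), [t.lower() for t in tokens[1:]]
        if cmd == "restrict":
            if args and args[0] in ("-4", "-6"):   # optional address family
                args = args[1:]
            if not args:
                continue
            target, flags = args[0], set(args[1:])
            # noquery denies mode 6/7 queries; ignore denies all packets.
            blocked = bool(flags & {"noquery", "ignore"})
            if target == "default":
                default_seen = True
                if not blocked:
                    findings.append((no, "restrict default lacks noquery"))
            elif not blocked:
                findings.append((no, f"{target} may query: confirm it is trusted"))
        elif cmd == "crypto":
            findings.append((no, "crypto directive enables AutoKey: remove it"))
        elif cmd in ASSOC_CMDS and "autokey" in args:
            findings.append((no, f"{cmd} line uses the autokey option: remove it"))
    if not default_seen:
        # Line 0 marks a finding about the file as a whole.
        findings.append((0, "no 'restrict default' line: add one with noquery"))
    return findings

# Constructed sample: the restrict line recommended on this page.
HARDENED = "restrict default kod nomodify notrap nopeer noquery limited\n"
# Constructed sample: weak settings for comparison (placeholder addresses).
WEAK = """\
restrict default kod nomodify notrap nopeer limited
restrict 192.0.2.10 nomodify
crypto pw placeholder
server 192.0.2.20 autokey
"""

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_ntp_conf(conf) or "no findings")
```

An empty result means the text passed both checks; it does not replace checking the device log after the NTP service restarts.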

Firewall Protection

For maximum security, TimeTools recommends that all NTP services are protected from untrusted networks by a firewall.
