NTP for ASBRs?
- Subject: NTP for ASBRs?
- From: bernat at luffy.cx (Vincent Bernat)
- Date: Wed, 08 May 2019 16:22:25 +0200
- In-reply-to: <[email protected]> (Lars Prehn's message of "Wed, 8 May 2019 09:56:33 +0200")
- References: <[email protected]>
❦ 8 May 2019 09:56 +02, Lars Prehn <lprehn at mpi-inf.mpg.de>:
> do you NTP sync your AS boundary routers? If so, what are incentives
> for doing so? Are there incentives, e.g. security considerations, not
> to do it?
Ensure you have a firewall rule in place to prevent people from using your
router for NTP amplification. NTP clients are also servers. On Juniper
devices:
policy-options {
    prefix-list ntp-servers {
        apply-path "system ntp server <*>";
    }
}
firewall {
    /* ... */
    term accept-ntp {
        from {
            source-prefix-list {
                ntp-servers;
            }
            protocol udp;
            port ntp;
        }
        then {
            policer management-1m;
            accept;
        }
    }
}
(see
<https://forums.juniper.net/jnet/attachments/jnet/DayOneArchive/77/5/Securing_RouteEngine_v2.pdf>
for more details).
--
Keep it simple to make it faster.
- The Elements of Programming Style (Kernighan & Plauger)
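
Added example (not part of the original message, and not Juniper's code): a small Python model of which packets the accept-ntp term above would match, with the ntp-servers prefix-list expanded from the configured NTP servers the way the apply-path expression describes. The sample configuration lines, packets and function names are constructed for illustration; the policer is not modelled, and "next-term" means the packet is left to whatever terms follow in the filter.

```python
import ipaddress
import re

# Constructed "display set" style sample; addresses are documentation ranges.
SAMPLE_CONFIG = """\
set system ntp server 192.0.2.10
set system ntp server 2001:db8::123 prefer
set system name-server 192.0.2.53
"""

# Constructed packets arriving at the routing engine.
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "proto": "udp", "sport": 123, "dport": 123},
    {"src": "2001:db8::123", "proto": "udp", "sport": 123, "dport": 50123},
    {"src": "198.51.100.7", "proto": "udp", "sport": 40000, "dport": 123},
    {"src": "192.0.2.53", "proto": "udp", "sport": 53, "dport": 123},
    {"src": "192.0.2.10", "proto": "tcp", "sport": 123, "dport": 123},
]

def expand_ntp_servers(config):
    """Model apply-path "system ntp server <*>": one host prefix per server."""
    found = re.findall(r"^set system ntp server (\S+)", config, re.M)
    # Assumes servers are configured by address; a bare address becomes /32 or /128.
    return [ipaddress.ip_network(addr) for addr in found]

def matches_accept_ntp(pkt, servers):
    """True when a packet satisfies every 'from' condition of accept-ntp."""
    if pkt["proto"] != "udp":
        return False
    # 'port ntp' matches the source port or the destination port.
    if 123 not in (pkt["sport"], pkt["dport"]):
        return False
    src = ipaddress.ip_address(pkt["src"])
    return any(src.version == net.version and src in net for net in servers)

def classify(packets, config=SAMPLE_CONFIG):
    """Return (source, verdict) pairs; non-matching packets go to the next term."""
    servers = expand_ntp_servers(config)
    return [(p["src"], "accept" if matches_accept_ntp(p, servers) else "next-term")
            for p in packets]

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_PACKETS):
        print(f"{src:<15} {verdict}")
```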