KB2014.129
FAQ: Is Domain Time susceptible to ntpd vulnerabilities or being used in NTP amplification attacks?

This article applies to Domain Time II.

Last Updated: 11 Dec 2019

Question

    FAQ: Is Domain Time susceptible to ntpd vulnerabilities or being used in NTP amplification attacks?

Answer

    Domain Time is typically not susceptible to ntpd vulnerabilities because it is not ported from ntpd and does not use any ntpd code.

    Domain Time is also not susceptible to being used in NTP amplification attacks (see the note below for how to disable its NTP query responses). These attacks work by returning a large amount of data to a spoofed source IP address in response to a relatively small request packet. They depend upon NTP clients responding to certain specific status reporting functions commonly found in NTP time clients ported from the typical ntpd daemon in standard use on UNIX/Linux. Domain Time does not implement these ntpd-specific auxiliary status reporting functions, so it does not respond to the spoofed attack packets.

    Note: Domain Time Server (if the NTP protocol is enabled) and Domain Time Client (if the NTP Broadcast Listener is enabled) can respond to several specific ntpq queries: ntpq -np, ntpdate -q, and/or ntpd -c nv. These commands typically do not respond with large amounts of data, so they are unlikely to be used in amplification attacks. However, on Domain Time version 5.2.b.20140101 or later, these responses (including all NTP Mode 6 commands) can be disabled if desired by setting the following registry value to True:

        HKEY_LOCAL_MACHINE\SOFTWARE\Greyware\Domain Time Server[Client]\Parameters\NTP Query Disabled
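
    One way to confirm the setting took effect, as an added example that is not Greyware's code: send a single mode 6 READVAR request (the kind ntpq issues) to a time server you administer, then check whether any reply arrives and how large it is relative to the request. The function names, the constructed sample reply and the 2-second timeout are assumptions of this example.

```python
import socket
import struct

MODE_CONTROL = 6  # NTP mode 6 (control messages, what ntpq sends)
OP_READVAR = 2    # mode 6 opcode "read variables"
HDR = "!BBHHHHH"  # LI/VN/mode, R/E/M/opcode, sequence, status, assoc id, offset, count

def build_readvar(sequence=1, version=2):
    """Return the 12-byte mode 6 READVAR request header (no payload)."""
    return struct.pack(HDR, (version << 3) | MODE_CONTROL, OP_READVAR, sequence, 0, 0, 0, 0)

def parse_control(packet):
    """Decode a mode 6 header, or return None for any other NTP mode."""
    if len(packet) < 12 or packet[0] & 0x07 != MODE_CONTROL:
        return None
    _, rem, seq, _, _, _, count = struct.unpack(HDR, packet[:12])
    return {"response": bool(rem & 0x80), "error": bool(rem & 0x40),
            "more": bool(rem & 0x20), "opcode": rem & 0x1F,
            "sequence": seq, "count": count}

def amplification(request, replies):
    """UDP payload bytes returned per payload byte sent."""
    return sum(len(r) for r in replies) / len(request)

def probe(host, port=123, timeout=2.0):
    """Send one READVAR to a time server you administer and collect mode 6 replies."""
    request, replies = build_readvar(), []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            while True:
                data, _ = sock.recvfrom(4096)
                hdr = parse_control(data)
                if hdr and hdr["response"]:
                    replies.append(data)
                    if not hdr["more"]:
                        break
        except OSError:  # timeout or ICMP port unreachable: no (further) reply
            pass
    return {"answers_mode6": bool(replies),
            "amplification": amplification(request, replies) if replies else 0.0}

# Constructed sample reply (not captured from Domain Time): header plus a short payload.
SAMPLE_VARS = b'version="constructed", stratum=2\r\n'
SAMPLE_REPLY = struct.pack(HDR, 0x16, 0x80 | OP_READVAR, 1, 0, 0, 0, len(SAMPLE_VARS)) + SAMPLE_VARS

if __name__ == "__main__":
    print(parse_control(SAMPLE_REPLY), amplification(build_readvar(), [SAMPLE_REPLY]))
```

    With queries disabled, probe() should report answers_mode6 as False; ordinary time synchronization uses other NTP modes and is not exercised by this check.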

Domain Time II Software distributed by Microsemi, Inc.
Documentation copyright © 1995-2021 Greyware Automation Products, Inc.