Disable NTP on Juniper SRX-240

Question

I'm trying to shutdown/disable the ntp daemon running on a Juniper SRX-240 (junos 11.4), but the obvious solution is apparently not valid for this hardware/software combination.

Your link above is to an ERX device, totally different OS, that's why its not working. — SpacemanSpiff, Feb 11 '14 at 19:45

score 1 · Accepted Answer · answered Feb 11 '14 at 18:57

1

I don't know if you can stop the daemon entirely, but you can just delete the NTP section of the configuration.

From configuration mode:

delete system ntp
commit

answered Feb 11 '14 at 18:57

SpacemanSpiff

8,733
1
23
35

I've figured that the link in question was related to another device/software version - but thanks for confirming this. I settled on simply firewalling the service of I'm afraid this will not stop the daemon (just leave it running with no configured hosts), so it will still be vulnerable to the attack outlined here https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks If I'm wrong about this, then please let me know. Otherwise I will leave the answer unaccepted. – Mads Ravn Feb 13 '14 at 08:33
On SRX kernel interfaces are protected. Under the security zones you can choose which host protocols are allowed to be reached – SpacemanSpiff Feb 14 '14 at 00:34
Ok, so what I wish to do is not possible. – Mads Ravn Feb 14 '14 at 13:01

Disable NTP on Juniper SRX-240

1 Answers1