2

I'm trying to shutdown/disable the ntp daemon running on a Juniper SRX-240 (junos 11.4), but the obvious solution is apparently not valid for this hardware/software combination.

Mads Ravn
  • 145
  • 1
  • 5

1 Answers1

1

I don't know if you can stop the daemon entirely, but you can just delete the NTP section of the configuration.

From configuration mode:

delete system ntp
commit
SpacemanSpiff
  • 8,733
  • 1
  • 23
  • 35
  • I've figured that the link in question was related to another device/software version - but thanks for confirming this. I settled on simply firewalling the service of I'm afraid this will not stop the daemon (just leave it running with no configured hosts), so it will still be vulnerable to the attack outlined here https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks If I'm wrong about this, then please let me know. Otherwise I will leave the answer unaccepted. – Mads Ravn Feb 13 '14 at 08:33
  • On SRX kernel interfaces are protected. Under the security zones you can choose which host protocols are allowed to be reached – SpacemanSpiff Feb 14 '14 at 00:34
  • Ok, so what I wish to do is not possible. – Mads Ravn Feb 14 '14 at 13:01