NTP Configuration on NetScaler to Avoid Traffic Amplification Attack

This article describes how to configure Network Time Protocol (NTP) on NetScaler to prevent NTP traffic amplification attacks.


Good understanding of NetScaler and NTP.


An NTP amplification attack finding might appear in security scans.


To configure NTP on NetScaler to prevent traffic amplification attacks, complete the following steps:

  1. Replace the following line (if it exists) in the “ntp.conf” file with the lines given in Step 2:

    restrict default ignore

  2. Add the following lines to the file “/etc/ntp.conf”:

    # By default, exchange time with everybody, but don't allow configuration:
    restrict -4 default kod notrap nomodify nopeer noquery
    restrict -6 default kod notrap nomodify nopeer noquery

    # Local users may interrogate the ntp server more closely:
    restrict -4 127.0.0.1
    restrict -6 ::1

  3. Restart NTP using the following command:

    root@ns# sh /mpsconfig/ntpd_start
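As an added check that is not part of the Citrix article, the POSIX shell script below audits an ntp.conf for the restrict lines described in Steps 1 and 2 (the legacy `restrict default ignore` line, and `kod notrap nomodify nopeer noquery` on both the IPv4 and IPv6 default lines); the two sample config files it writes under /tmp are constructed for the demo and are not appliance files.

```shell
#!/bin/sh
# Added audit script (not Citrix's): exit 0 when the default restrict
# lines are hardened as in Step 2, exit 1 otherwise.

# Print the last "restrict <family> default ..." line of file $1 for
# family $2 ("-4" or "-6"), whitespace squeezed; prints nothing when absent.
default_restrict() {
    grep -E "^[[:space:]]*restrict[[:space:]]+$2[[:space:]]+default" "$1" \
        | tail -n 1 | tr -s '[:space:]' ' '
}

# Audit one config file. "noquery" is the flag that stops ntpdc/ntpq control
# queries (including the monlist query behind CVE-2013-5211) being answered
# for arbitrary clients, so a missing flag on either family is a failure.
check_ntp_restrict() {
    conf=$1
    status=0
    if grep -Eq '^[[:space:]]*restrict[[:space:]]+default[[:space:]]+ignore' "$conf"; then
        echo "WARN: '$conf' still contains 'restrict default ignore' (Step 1)"
        status=1
    fi
    for fam in -4 -6; do
        line=$(default_restrict "$conf" "$fam")
        if [ -z "$line" ]; then
            echo "FAIL: '$conf' has no 'restrict $fam default' line"
            status=1
            continue
        fi
        for flag in kod notrap nomodify nopeer noquery; do
            case " $line " in
                *" $flag "*) ;;
                *) echo "FAIL: 'restrict $fam default' lacks '$flag'"; status=1 ;;
            esac
        done
    done
    [ "$status" -eq 0 ] && echo "OK: '$conf' default restrict lines are hardened"
    return "$status"
}

# Constructed sample configs for the demo run (weak "before", hardened "after").
WEAK_CONF=/tmp/ntp_weak.conf
printf 'restrict default ignore\nserver 0.pool.ntp.org\n' > "$WEAK_CONF"
HARD_CONF=/tmp/ntp_hard.conf
cat > "$HARD_CONF" <<'EOF'
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict -4 127.0.0.1
restrict -6 ::1
EOF
check_ntp_restrict "$WEAK_CONF" || echo "weak config rejected (exit $?)"
check_ntp_restrict "$HARD_CONF" && echo "hardened config accepted"
```

Run it against a copy of the appliance's /etc/ntp.conf by calling `check_ntp_restrict /path/to/ntp.conf` after the functions are sourced.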

Additional Resources

CVE-2013-5211 - Vulnerability Summary for CVE-2013-5211


Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload.

Note: The NTP feature is enabled by default.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:

Security Impact Rating: Medium

CVE: CVE-2019-1967



Behavior of 'Preferred' Option when two NTP servers are added

The Prefer option is an NTP-level setting. Not only the ADC but all devices conform to the rules in the RFC: http://doc.ntp.org/3-5.93e/prefer.html

Case 1: Two NTP servers are added with the preferred option set to YES for both servers.

- The appliance uses the mitigation rules defined in the RFC: http://doc.ntp.org/3-5.93e/prefer.html (refer to the Mitigation Rules section).

Case 2: Two NTP servers are added with the preferred option set to YES for one server and NO for the other server.

- The appliance synchronizes first with the server that has the preferred option set to YES.


NTP not synchronized on Advanced Threat Protection

I need a solution

Hi Team,

After running the “status_check” command in Symantec ATP’s CLI, I am getting the following message:

NTP                                             NOT synchronized!
                                                Please fix NTP configuration, else
                                                the appliance may not function properly.

We are using a Domain Controller (DC) as the NTP server.

As per the Symantec KB article:

if the time server is a DC, change LocalClockDispersion from 10 to 0.

I have checked the same with the DC team but they informed me that only the Symantec ATP team reported the error.

No other applications or services team has reported the issue.

The DC team cannot make the aforementioned changes on their DC server because it might impact many applications, services and servers in the environment.

Can you guys help me with a workaround to fix this issue?

A quick response will be appreciated.



NTP: Tried all configured servers. Unable to obtain NTP update due to NTP server errors

I need a solution

Hi Team,

We are receiving the below message intermittently in the Event logs. I did check the NTP servers; all are responding. DNS is also fine.

2019-02-28 02:06:54+08:00CST  “NTP: Tried all configured servers. Unable to obtain NTP update due to NTP server errors.”  0 90000:1 Mailed ntp.cpp:880

Before this message we are receiving a DNS error looking up all NTP servers. Attached is a snap of the same.

Can you please let me know where the issue could be? Is this a bug? How do I troubleshoot this issue?





Time not getting sync on XenServer with NTP

High NTP offset and jitter while delay is low. This can be seen with “ntpq -p”.

Offset is the time difference between the local server and the remote server.

Jitter is the difference between the last and current offset measurements, so if it is high, the offset is increasing over time.

Delay is the time that it takes to communicate with the remote server. A low delay means that the issue is not related to network delays.

These measurements show that NTP is not able to discipline the clock because it drifts faster than NTP is able to correct it.

