LEAP Second Security Vulnerability - Urgent - Attention please answer ASAP.

  • Question
  • Updated 1 year ago
  • Answered
When will the LEAP Second Security Vulnerability happen again, at the end of December 2016???

Is the vulnerability, or 2015 002, or any leap second going to happen at the end of this December 2016???

Paul

Posted 1 year ago

Paul

Hi all, kindly reply; I would really appreciate your answer.

Thanks.
Paul

Paul

The next leap second will be inserted on December 31, 2016, at 23:59:60 UTC. https://en.wikipedia.org/wiki/Leap_second

Are Extreme Networks products vulnerable to the leap second?

Is it going to affect all Extreme XOS???

Paul

I cannot upgrade to 16.2.1 due to hardware limitations.

So I can say that the vulnerability issue may happen on December 31, 2016, right?

:(

Vellachery, Sumeesh, Employee

Paul,


Rightly said Ronald... :)

If you are running NTP, the workaround is to disable NTP at least 24 hours before the leap second.

Paul

Vellachery / Ronald,

Noted and thanks. No choice, I have to disable and enable NTP. :(

Vellachery, Sumeesh, Employee

Paul,

Pleasure assisting you..... :)

Paul

Any difference between these?

Timezone:         [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.


Currently my timezone is set as SIN. Will it still be vulnerable?

Timezone:         [Auto DST Disabled] GMT Offset: 480 minutes, name is SIN.

If yes, what time should I follow to disable NTP, in UTC time?
 Disable ntpd for at least 24 hours before leap second period (command: "disable ntp".)

The next leap second will be inserted on December 31, 2016, at 23:59:60 UTC.


For Singapore time. 

disable ntp at  07:59:30 AM, 1 January, 2017 SIN
enable ntp at  08:00:30 AM, 1 January, 2017 SIN

Karthik Mohandoss, Employee

Paul,

The vulnerability does not depend on the time zone; if the NTP module is present, it can be affected.
EXOS versions older than EXOS 16.2.1 and 21.1.1 are affected.

Here is an article for reference
https://gtacknowledge.extremenetworks...

If the NTP module is present, then disable NTP 24 hours before the leap second insertion, wait a day after the leap second, and then re-enable NTP.

Paul

Thanks Karthik,

So I do not need to care about the timezone on the switch. As long as I have NTP enabled, I should disable it as below?

disable ntp at  23:59:00 PM, 30 Dec, 2017 
enable ntp at  23:59:0 PM, 1 January, 2017 

Paul

One more thing, our setup:

NTP is running as an NTP server on the X450a-24x (firmware 15.3.3.5 patch1-6). A Windows server (NTP client) is getting NTP time from the Extreme X450a.

We are not getting any NTP from outside. The NTP server is the Extreme X450a.

Will this setup also be affected by the leap second vulnerability?

Karthik Mohandoss, Employee

Paul,

That is correct; maybe you have a typo in the year.

disable ntp at 23:59:00 PM, 30 Dec, 2016 UTC
enable ntp at 23:59:00 PM, 1 Jan, 2017 UTC

The leap second insertion would happen on December 31, 2016, at 23:59:60 UTC.

would be fine.

Paul

One more thing, our setup:

NTP is running as an NTP server on the X450a-24x (firmware 15.3.3.5 patch1-6). A Windows server (NTP client) is getting NTP time from the Extreme X450a.

We are not getting any NTP from outside. The NTP server is the Extreme X450a.

Will this setup also be affected by the leap second vulnerability?


-----------------------
Thanks Karthik,

Sorry to keep asking, as I need to understand my setup and this vulnerability issue. Sorry for my typo. Thanks for correcting me.

I really appreciate your help and valuable advice. This Extreme HUB is really awesome, with strong technical gurus.

Thanks again Karthik.

Karthik Mohandoss, Employee

Paul,

" I do not think Windows server will be affected with leap second insertion.

Disclaimer : This information is taken from External source :)

Please check the Microsoft link and one external link

https://blogs.msdn.microsoft.com/mthr...

http://www.windowstricks.in/2015/06/i... "

Karthik Mohandoss, Employee

As long as the switch X450a-24x does not get the leap second insertion packet, it will remain unaffected.
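
An added example, not part of the original thread and not Extreme Networks code: NTP sources announce an upcoming leap second through the 2-bit Leap Indicator (LI) field in the first byte of each packet, which is assumed here to be what the "leap second insertion packet" refers to. The Python below decodes that field from constructed sample packets, so an administrator can check whether a given time source is announcing an insertion; the source names and helper functions are hypothetical.

```python
import struct

# Leap Indicator (LI) values carried in the first byte of every NTP packet (RFC 5905).
LI_MEANING = {
    0: "no warning",
    1: "insert: last minute of the day has 61 seconds",
    2: "delete: last minute of the day has 59 seconds",
    3: "alarm: server clock not synchronized",
}

def parse_ntp_header(packet: bytes) -> dict:
    """Decode LI, version, mode and stratum from a raw NTP packet."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than the 48-byte header")
    flags, stratum = struct.unpack("!BB", packet[:2])
    return {
        "leap": flags >> 6,              # top 2 bits
        "version": (flags >> 3) & 0x07,  # middle 3 bits
        "mode": flags & 0x07,            # low 3 bits: 3 = client, 4 = server, 5 = broadcast
        "stratum": stratum,
    }

def announces_insertion(packet: bytes) -> bool:
    """True only for a server or broadcast packet that carries LI = 1."""
    hdr = parse_ntp_header(packet)
    return hdr["mode"] in (4, 5) and hdr["leap"] == 1

def sample_packet(leap: int, mode: int = 4, version: int = 4, stratum: int = 2) -> bytes:
    """Constructed test packet: real flag byte and stratum, remaining fields zeroed."""
    return bytes([(leap << 6) | (version << 3) | mode, stratum]) + bytes(46)

def sources_announcing_leap(replies: dict) -> list:
    """Names of time sources whose captured reply announces a leap second insertion."""
    return sorted(name for name, pkt in replies.items() if announces_insertion(pkt))

if __name__ == "__main__":
    # Constructed replies; the source names are placeholders, not real servers.
    replies = {
        "upstream-a": sample_packet(leap=1),
        "upstream-b": sample_packet(leap=0),
        "local-client": sample_packet(leap=1, mode=3),
    }
    for name, pkt in replies.items():
        print(name, LI_MEANING[parse_ntp_header(pkt)["leap"]])
    print("announcing insertion:", sources_announcing_leap(replies))
```
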

Paul

Hi Karthik,

Very informative. I greatly appreciate your help and input.

Regards,
Paul

Carsten Buchenau

Paul, you are saying that your internal NTP server (x450a-24x) is NOT receiving time from an external NTP source - then you should be fine, but you have to question your NTP setup in general, as you would have to manually adjust the time on your x450 every now and then.

If you do use external NTP servers, or plan to do so, you can also have a look at servers that implement the so-called "Leap smear", where the 1 second is not inserted as an extra second, but distributed over a time of 20 hours (that is, for 20 hours the clock is running slightly slower). Like Google does:
https://developers.google.com/time/smear

carsten