Spectracom - Essential Ingenuity

NetClock 9300/9200 Series

Dirty COW Vulnerability

Spectracom products running LINUX are only susceptible if an attacker is able to successfully authenticate with the product and gain shell access.

Synchronizing Windows Computers

Microsoft Windows PCs (such as Windows XP, 2000, 2003, 2008, 7, etc) can be configured to sync to a Spectracom NTP time server. Many newer versions of Windows use the built-in "Windows Time Service (aka W32Time) for external time synchronization. Spectracom's "Synchronizing Windows Computers" Tech Note assists with configuring Windows computers..

NTP Vulnerabilities Prior to Version 4.2.8p4

Thirteen low and medium severity vulnerabilities were identified in NTP versions 4.2.8p3 and earlier. This affects SecureSync and NetClock 9400 products running SW versions 5.3.0 and earlier, and all NetClock 9200/9300 product versions.

9300 Series NetClock Terminal Blocks

Manufacturers part numbers for the 9300 Series Netclock rear panel terminal block connectors

How Does a Leap Second Affect My GPS Time Server

Spectracom GPS time servers automatically manage the leap second correction. They follow GPS, NTP, and PTP specifications so no user interaction is required. We recommend evaluation and testing your NTP clients' ability to correctly manage a leap second event.

NTP Vulnerabilities Prior to Version 4.2.8

On December 18, 2014, several NTP vulnerabilities were published as CVE-2014-9293 thru 9296. The vulnerabilities are based on queries from an unknown entity. By default external queries are turned off in SecureSync and NetClock products and are appropriate mitigation against these vulnerabilities.

Bash Bug Susceptibility

Bash is used in Spectracom's NetClock 9200, 9300, 9400 and SecureSync network applicance although the risk is minimal. This article describes the patch schedule, analysis of risk, and recommendations for those who are concerned about the vulnerability.

POODLE Vulnerability

How to mitigate the POODLE vulnerability by disabling SSLv3, before Spectracom software fixes for SecureSync and 9400 models will eliminate the issue.

Are Spectracom Products Susceptible to the Heartbleed Bug?

The vulnerability in Open SSL, known as the Heartbleed bug, makes some Spectracom products susceptible. A software patch fixes the bug. Alternatively network access controls, shutting down the management port, and changing user passwords are mitigating actions.

Reset the admin password for NetClock 9200 and 9300

If the NetClock Model 9300/9200 series time server's admin password is no longer known, it will need to be reset back to the factory default password to restore access. Software versions 3.6.0 and higher allow the admin password to be able to be reset via an RS-232 connection. Earlier versions of software (Versions 3.5.0 and below) require a Compact Flash card inside the time server be changed, to reset the password back to the default value.

Verifying NTP Queries are Disabled in NetClock 9200/9300

Potential Vulnerability CVE-2013-5211 is associated with “Monlist”, an available feature of NTP’s NTPDC functionality. The Spectracom Model 9300 and 9200 series NTP time servers allow NTPQ/NTDC (and therefore, also Monlist) to be disabled (these are both disabled by factory default) to mitigate this potential vulnerability. Note that NTPQ and NTPDC being disabled does not affect the operation of NTP synchronizing clients on the network.

Reporting the time offset between a Windows PC and NTP server

Windows w32tm has a utility called "stripchart" which can provide periodic (such as every two seconds by default) time differences between a Windows PC and an NTP server on the network. This can either be the same NTP server that it normally syncs with, or any other NTP server on the network.

Redundant NTP Servers for Automatic Failover

Most newer Models of NTP time servers can be NTP peered together for continued NTP operation upon loss of GPS reception. NTP clients can often be configured to get time from more than one NTP server for automatic fail-over capability (this is dependent upon the NTP client software running on the clients).

Replacement Power Pack for Models 9283 or 9289

The NTP time server Models 9283, and 9289 use an external power pack for its input power A 12vdc power pack is used. unless an Optional Rubidium oscillator is installed . This Option required a 24vdc power pack, instead.

Replacement Power Pack for Models 9383 and 9389

The NTP time server Models 9383 and 9389 use an external power pack for its input power. A 12vdc power pack is used, unless an Optional Rubidium oscillator is installed. This Option requires a 24vdc power pack, instead. Replacement power packs are available from us.

Replacement Power Pack for Model 9388

The Ethernet time server Model 9388 use an external 12vdc power pack for its input power. Replacement power packs are available from us.

Replacement Power Pack for Model 9288

The NTP time server Model 9288 uses an external 12vdc power pack for its input power.

Using Automachron to Test a Spectracom NTP Server

Automachron (freeware) is a great utility for testing the NTP output of a Spectracom NTP time server.

Products

Products