CSCum44673 - Limited Mode 6 denial-of-service vulnerability on NTP server and client - 15.2(4)E2 vulnerable?

vojtech.jaros
Level 1

FYI: We are running IOS 15.2(4)E2 on our switch, but a Nessus scan detected that mode 6 is still enabled in this IOS, although "15.2(4)E" is listed under Fixed releases.

Accepted Solution

ceasterday
Level 1

I ran into this problem as well. New versions that have been fixed for this bug will still reply to NTP mode 6 requests, but they are now rate limited to avoid the amplification attack. See below.

• CSCum44673

Old behavior: By default it was allowed with no rate control, through which hackers can bombard the router and the NTP process.

New behavior: By default, mode 6 control packets are allowed with a 3-second rate control. If required, the user can disable this with the no ntp allow mode control CLI.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-2SY/release_notes/release_notes_15_2_2SY.pdf

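To check what a scanner is flagging, it helps to recognise NTP mode 6 control traffic on the wire. The following is an added example, not code from the thread or from Cisco: it decodes the NTP mode 6 control header (RFC 1305, Appendix B) over constructed sample datagrams, counts control queries per source, and reports the reply-to-request byte ratio that makes unthrottled mode 6 attractive for amplification. The addresses and the reply contents are made up.

```python
import struct
from collections import Counter

# Mode 6 control-message opcodes (RFC 1305, Appendix B).
OPCODES = {1: "READSTAT", 2: "READVAR", 3: "WRITEVAR", 4: "READCLOCK",
           5: "WRITECLOCK", 6: "SETTRAP", 7: "TRAPRESP"}

def parse_ntp(payload: bytes) -> dict:
    """Classify one NTP datagram; decode the 12-byte control header if it is mode 6."""
    if len(payload) < 12:
        raise ValueError("too short for an NTP packet")
    info = {"leap": payload[0] >> 6, "version": (payload[0] >> 3) & 7, "mode": payload[0] & 7}
    if info["mode"] == 6:
        rem, seq, status, assoc, offset, count = struct.unpack("!BHHHHH", payload[1:12])
        info.update({
            "response": bool(rem & 0x80),   # R bit: this is a reply, not a query
            "error": bool(rem & 0x40), "more": bool(rem & 0x20),   # E and M bits
            "opcode": OPCODES.get(rem & 0x1F, f"OP{rem & 0x1F}"),
            "sequence": seq, "status": status, "assoc_id": assoc, "offset": offset,
            "data": payload[12:12 + count],
        })
    return info

def summarize_mode6(packets) -> dict:
    """Count mode 6 queries per source and the reply/request byte ratio (amplification)."""
    queries = Counter()
    req_bytes = resp_bytes = 0
    for src, payload in packets:
        p = parse_ntp(payload)
        if p["mode"] != 6:
            continue                        # ordinary mode 3/4 time sync, not a control packet
        if p["response"]:
            resp_bytes += len(payload)
        else:
            queries[src] += 1
            req_bytes += len(payload)
    return {"queries_by_source": dict(queries),
            "amplification": resp_bytes / req_bytes if req_bytes else 0.0}

def build_mode6_response(data: bytes, seq: int = 1) -> bytes:
    """Build a constructed mode 6 READVAR reply, only to produce the sample traffic below."""
    padded = data + b"\x00" * (-len(data) % 4)   # control data is padded to a 32-bit boundary
    return bytes([0x16, 0x80 | 2]) + struct.pack("!HHHHH", seq, 0, 0, 0, len(data)) + padded

# Constructed sample traffic (made up; not captured from the device in the thread).
READVAR_PROBE = bytes.fromhex("160200010000000000000000")   # the 12-byte ntpq readvar query
CLIENT_SYNC = b"\x1b" + b"\x00" * 47                        # plain NTPv3 mode 3 client request
REPLY = build_mode6_response(b'version="ntpd 4.2.6p5", processor="x86_64", system="Linux"')
SAMPLE = [("198.51.100.7", READVAR_PROBE), ("198.51.100.7", READVAR_PROBE),
          ("10.0.0.5", CLIENT_SYNC), ("10.0.0.9", REPLY)]
```

Feed it the UDP/123 payloads from a capture taken at the switch: a source sending many mode 6 queries, or a reply-to-request ratio well above 1, is exactly the traffic the 3-second rate control is meant to blunt.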

3 Replies


Thanks, that explains it. I didn't notice that in the release notes.

When applying no ntp allow mode control, does this allow mode 6 queries without rate control, effectively opening the vulnerability back up?