Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
2
Replies

Restricting NTP mode 6 queries

domelro2
Level 1
Level 1

‎02-05-2025 10:25 AM

Does anyone know how to restrict NTP mode 6 queries on a Cisco ISR 4431 router? Any help would help appreciated. This is in response to potential UDP-based Amplification attacks.

10.0.0.0.1 192.168.1.254
Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎02-05-2025 10:59 AM

@domelro2 

ip access-list extended NTP
permit ip host 10.1.1.1 any
permit ip any host 10.1.1.1
ntp access-group serve-only NTP
 
There are a few suggestions to fix this on the forum. 
 
0 Helpful

mike-marquez-ctr
Level 1
Level 1

‎02-06-2025 07:06 AM

we added the following to the config and it mitigates the vulnerability :

ntp allow mode control 3

also see this link for more info:

https://community.cisco.com/t5/network-management/ntp-allow-mode-control/td-p/4596164

 

 

0 Helpful
Customers Also Viewed These Support Documents