11-18-2019 11:49 PM
In a recent audit, the cybersecurity department found this vulnerability:
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.
How to solve this?
I have the following configuration in the Core Network device for NTP service:
ntp allow mode control 10
ntp master 3
ntp update-calendar
ntp server X.X.X.X maxpoll 15 minpoll 10
ntp server hora.roa.es minpoll 10 prefer
11-18-2019 11:54 PM
Hi there,
Check one of the bug listings around this vulnerability. Your immediate options are to implement NTP access-groups, interface ACLs and CoPP. All of these are susceptible to source address spoofing.
The real fix is to upgrade your system software to a version which supports the command:
! ntp allow mode control xx !
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCum44673/?rfs=iqvred
cheers,
Seb.
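As an added example (not code from this thread, from Cisco, or from the bug listing), a small Python parser that tells NTP mode 6 (control) packets apart from ordinary time packets and measures the query-to-response size ratio the finding is about. The packets are constructed inline for the demonstration, not captured traffic.

```python
"""Flag NTP mode 6 (control) traffic and estimate its amplification ratio."""
import struct

# NTP control packet header (ntpd mode 6): byte 0 is LI|VN|Mode, byte 1 is the
# R,E,M flag bits plus a 5-bit opcode, then five 16-bit fields: sequence,
# status, association id, offset and count (payload length in bytes).
_HDR = struct.Struct("!BBHHHHH")
RESPONSE_BIT = 0x80
OPCODES = {1: "READSTAT", 2: "READVAR", 3: "WRITEVAR", 4: "READCLOCK"}


def parse_control(packet: bytes):
    """Return a dict describing a mode 6 packet, or None if it is another mode."""
    if not packet:
        raise ValueError("empty packet")
    mode = packet[0] & 0x07
    if mode != 6:
        return None  # client/server/broadcast time packets (modes 1-5) are fine
    if len(packet) < _HDR.size:
        raise ValueError("truncated mode 6 header")
    first, flags, _seq, _status, _assoc, _offset, count = _HDR.unpack_from(packet)
    return {
        "version": (first >> 3) & 0x07,
        "response": bool(flags & RESPONSE_BIT),
        "opcode": OPCODES.get(flags & 0x1F, "OTHER"),
        "payload_len": count,
        "total_len": len(packet),
    }


def amplification(query: bytes, response: bytes) -> float:
    """Bytes the server sends per byte it receives: the reflection multiplier."""
    q, r = parse_control(query), parse_control(response)
    if q is None or r is None or q["response"] or not r["response"]:
        raise ValueError("expected a mode 6 query followed by its mode 6 response")
    return len(response) / len(query)


def build_control(opcode: int, response: bool, payload: bytes = b"") -> bytes:
    """Constructed sample packet for the demo (NTPv4, mode 6); not real traffic."""
    flags = opcode | (RESPONSE_BIT if response else 0)
    return _HDR.pack((4 << 3) | 6, flags, 1, 0, 0, 0, len(payload)) + payload


# Constructed READVAR exchange: a 12-byte query and a 12 + 312-byte response.
SAMPLE_QUERY = build_control(2, response=False)
SAMPLE_RESPONSE = build_control(2, response=True, payload=b'version="x",processor="y",' * 12)

if __name__ == "__main__":
    print(parse_control(SAMPLE_RESPONSE))
    print(f"amplification x{amplification(SAMPLE_QUERY, SAMPLE_RESPONSE):.1f}")
```

Run it over UDP/123 payloads pulled from a capture: any mode 6 packet with the response bit set leaving the device means the control channel is still answering, whatever the time service itself is doing.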
01-20-2020 01:27 AM
Thanks Seb!