Nessus Vulnerability: The remote NTP server responds to mode 6 queries.

pozoteleco
Level 1

In a recent audit, the cybersecurity department found this vulnerability:

 

The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.

 

How to solve this?

 

I have the following configuration in the Core Network device for NTP service:

 

ntp allow mode control 10
ntp master 3
ntp update-calendar
ntp server X.X.X.X maxpoll 15 minpoll 10
ntp server hora.roa.es minpoll 10 prefer

2 Replies

Seb Rupik
VIP Alumni

Hi there,

Check one of the bug listings around this vulnerability. Your immediate options are to implement NTP access-groups, interface ACLs and CoPP. All of these are susceptible to source address spoofing.

The real fix is to upgrade your system software to a version which supports the command:

!
ntp allow mode control xx
!

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCum44673/?rfs=iqvred

 

cheers,

Seb.
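
To confirm from a packet capture whether a device still answers mode 6 queries, and how much larger its replies are than the requests, the control-message header can be parsed directly. This is an added example, not part of the original thread or of any Cisco or Nessus tooling. The function names, the documentation-range addresses and the sample payloads are constructed for illustration, and the header layout is the NTP control message format from RFC 1305, Appendix B.

```python
import struct
from collections import defaultdict

# NTP control (mode 6) header: LI/VN/Mode, R/E/M/opcode, sequence,
# status, association ID, offset, count (RFC 1305, Appendix B).
CTL_HDR = struct.Struct("!BBHHHHH")

def parse_mode6(payload):
    """Return control-header fields for a mode 6 message, else None."""
    if len(payload) < CTL_HDR.size or payload[0] & 0x07 != 6:
        return None
    _, rem, seq, _, _, _, count = CTL_HDR.unpack_from(payload)
    return {"response": bool(rem & 0x80), "opcode": rem & 0x1F,
            "sequence": seq, "count": count}

def amplification(packets):
    """packets: (src, dst, udp_payload) tuples seen on UDP/123.
    Returns {(client, server): response_bytes / request_bytes};
    0.0 means the server stayed silent to mode 6 queries."""
    sent, recv = defaultdict(int), defaultdict(int)
    for src, dst, payload in packets:
        hdr = parse_mode6(payload)
        if hdr is None:
            continue  # other NTP modes (ordinary time sync) are not counted
        if hdr["response"]:
            recv[(dst, src)] += len(payload)
        else:
            sent[(src, dst)] += len(payload)
    return {pair: recv.get(pair, 0) / sent[pair] for pair in sent}

def ctl(response, opcode, seq, data=b""):
    """Build a constructed control message for the sample below."""
    rem = (0x80 if response else 0) | opcode
    return CTL_HDR.pack((2 << 3) | 6, rem, seq, 0, 0, 0, len(data)) + data

# Constructed sample traffic (documentation addresses, filler data).
SAMPLE = [
    ("192.0.2.10", "198.51.100.1", ctl(False, 2, 1)),             # READVAR query
    ("198.51.100.1", "192.0.2.10", ctl(True, 2, 1, b"v" * 468)),  # answered
    ("192.0.2.10", "198.51.100.2", ctl(False, 2, 7)),             # no answer
    ("192.0.2.10", "198.51.100.1", bytes([0x23]) + bytes(47)),    # mode 3 client
]

if __name__ == "__main__":
    for pair, ratio in amplification(SAMPLE).items():
        print(pair, f"{ratio:.1f}x")
```

A ratio of 0.0 for a server in a capture taken after the change indicates it is no longer replying to mode 6 queries from that source.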


Thanks Seb!