Network Time Protocol (NTP) Mode 6 Scanner Vulnerability on Cisco Devices

pankaj29in
Level 1

Hi All,

Recently I came across this vulnerability on Cisco network switches, "Network Time Protocol (NTP) Mode 6 Scanner", whose description reads: "The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition."

After checking this error online, I realized the IOS of the switches needs to be upgraded to 15.2 or greater; anything below that will have this vulnerability.

So is there any workaround which can be configured to get rid of this vulnerability and be compliant?

Regards

Mohit

3 Replies

Philip D'Ath
VIP Alumni

Blocking NTP using an access-list?

If the switches are inside the LAN, NTP is probably already blocked by the firewall from outside networks.

k.langley
Level 1

Only allow your active devices on a management network to access NTP via an access list. Separating the control-plane and data-plane traffic could help prevent this.
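As an added worked example (not from the original thread, and not a Cisco-published configuration), here is how the access-list approach suggested in the replies above can be expressed with the IOS `ntp access-group` command, which filters NTP by source address and by the kind of NTP message a source may send. The server addresses, management subnet and ACL numbers are assumed placeholders; substitute your own.

```cisco
! Assumed example addresses: two upstream NTP servers and one management subnet.
! Standard ACLs are used because ntp access-group matches on source address only.
access-list 10 remark Upstream NTP servers this switch synchronizes to
access-list 10 permit host 192.0.2.10
access-list 10 permit host 192.0.2.11
!
access-list 20 remark Management hosts allowed to ask this switch for time
access-list 20 permit 10.10.0.0 0.0.0.255
!
! peer: sources in ACL 10 may be synchronized to; they may also send control
! (mode 6) queries, so keep this list to the servers you actually trust.
ntp access-group peer 10
!
! serve-only: sources in ACL 20 may send time requests only. Mode 6 control
! queries from these hosts are refused, which is the condition the scanner tests.
ntp access-group serve-only 20
!
! Do NOT add "ntp access-group query-only" or "ntp access-group serve" for
! untrusted ranges: both of those keywords permit mode 6 control queries.
!
! Once any ntp access-group is configured, NTP packets whose source matches
! none of the lists are dropped, so a scanner on any other address gets no reply.
!
! Verify the applied filters:
!   show running-config | include ntp access-group
!   show ntp associations
!   show ntp status
```

Two caveats a practitioner should check before rolling this out. First, every address configured under `ntp server` or `ntp peer` must be covered by the `peer` list, otherwise the switch stops synchronizing. Second, confirm the result the way the scanner does: from a host outside ACL 20, `ntpq -c rv <switch>` should time out, while from a host inside ACL 20 it should also time out but an ordinary `ntpdate -q <switch>` (or the client's normal NTP poll) should still succeed, since `serve-only` keeps time service working and removes only the control channel.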