03-27-2017 05:54 AM - edited 03-10-2019 12:48 AM
Hi All,
Recently I came across this vulnerability on Cisco network switches, "Network Time Protocol (NTP) Mode 6 Scanner", whose description reads: "The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition."
After checking this error online I realized the IOS of the switches needs to be upgraded to 15.2 or greater; below that, all will have this vulnerability.
So is there any workaround which can be configured to get rid of this vulnerability and be compliant?
Regards
Mohit
03-27-2017 12:05 PM
Blocking NTP using an access-list?
03-31-2017 03:53 AM
If the switches are inside the LAN, NTP is probably already blocked by the firewall from outside networks.
10-10-2017 11:39 AM
Only allowing your active devices on a management network to access NTP via an access list. Separating the control and data plane traffic could help prevent this.
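As an added example that is not part of any of the replies above: the access-list approach the replies suggest can be applied directly to the NTP process on a Cisco IOS switch with `ntp access-group`, which filters by NTP message type rather than just by UDP port. The `peer` group is given to the upstream servers the switch synchronizes from; the `serve-only` group is given to clients and permits only time requests, so mode 6 control queries from those clients (and from anything matching no group) are dropped. The ACL numbers, server addresses and management subnet below are hypothetical placeholders, not values from the thread.

```cisco
! Added example, not from the thread. Addresses and ACL numbers are assumptions.
!
! 10.0.0.1 / 10.0.0.2  : upstream NTP servers this switch syncs from (assumed)
! 10.10.10.0/24        : management network allowed to request time (assumed)

! Upstream servers: full NTP exchange, applied below with "peer".
access-list 10 permit host 10.0.0.1
access-list 10 permit host 10.0.0.2

! Management clients: time requests only, applied below with "serve-only".
! "serve-only" does not permit mode 6/7 control queries.
access-list 20 permit 10.10.10.0 0.0.0.255

ntp server 10.0.0.1
ntp server 10.0.0.2

! Once any ntp access-group is configured, NTP packets whose source
! matches none of the configured groups are denied.
ntp access-group peer 10
ntp access-group serve-only 20
```

To check the result, run `ntpq -c rv <switch-ip>` from a host that is outside both ACLs: it should time out instead of returning the variable list. From a host on the management subnet, `ntpdate -q <switch-ip>` should still get a time reply, which confirms that clients keep working while control queries are refused. Note that a compliance scanner launched from a permitted source (the `peer` hosts) will still see mode 6 responses, so keep that group limited to the actual time servers; an inbound UDP/123 filter at the border, as the earlier reply suggests, is complementary rather than a replacement, since it does nothing for queries originating inside the LAN.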