04-11-2017 10:37 AM - edited 03-08-2019 10:10 AM
Hello folks!
I received this message from a company that made a scan of my network, and they found a problem with the NTP on many switches.
"The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be
used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially
crafted mode 6 query, to cause a reflected denial of service condition."
Does anyone know how I can solve this problem on my switches?
Thanks
Marcio
04-11-2017 10:54 AM
Hi,
Not sure what type of switches you have, but if your IOS supports it, you can block NTP or allow access from specific NTP servers only. Have a look at this document for more info and an example:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-xe-3se-3850-cr-book/bsm-xe-3se-3850-cr-book_chapter_00.html
HTH
04-11-2017 10:55 AM
Hello,
I recommend you apply access groups to your NTP configuration; here is an example:
access-list 90 permit X.X.X.X (IP NTP server1)
access-list 90 permit X.X.X.X (IP NTP server2)
ntp access-group query-only 90
That configuration was useful to mitigate the problem in my network.
---Do not forget to rate useful post---
Regards,
Also I recommend you read this post: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCum44673/?referring_site=bugquickviewredir
04-27-2018 08:27 AM
^bump