[ntp:questions] ntp mode 6 nessus scan vulnerability
snehabadardinni at gmail.com
Thu Apr 6 14:58:06 UTC 2017
Thanks so much, Brian, will try this.
On Wed, Apr 5, 2017 at 7:00 PM, Brian Inglis <
Brian.Inglis at systematicsw.ab.ca> wrote:
> On 2017-04-05 03:56, sneha b wrote:
> > I am using ntp4.2.8P9, and nessus scan is reporting ntp mode 6
> > scanner vulnerability.
> > Can someone please help me fix this?
> Mode 6 queries are used by ntpq - allowing these is normal to
> support server management, monitoring, logging and alerts.
>
> To disable ntpq queries add noquery to your default restrict
> statements in ntp.conf:
>
>     restrict default ... noquery
>     restrict -4 default ... noquery
>     restrict -6 default ... noquery
>
> or better, just ignore everything:
>
>     restrict default ignore
>     restrict -4 default ignore
>     restrict -6 default ignore
>
> You may also want to limit interaction with upstream servers:
>
>     restrict source nomodify notrap [noquery] [nopeer]
>
> but you can not use nopeer if you use any pool servers or *cast
> servers or clients, but in those cases it would be advisable to
> add the noquery, as you don't know who's on the other end.
>
> I personally consider it would be rude to not allow known public
> sources providing me a service to query mine, so I would add
> restrict rules without noquery for each of those servers, and I
> would also not add nopeer, although both may be advisable for
> organizations, if not using the pool.
>
> Limit your:
>
>     restrict <subnet-address>
>     restrict <subnet-address> noserve [monitoring only]
>
> ntp.conf statements which remove all restrictions to the localhost
> and management subnets, and ensure that nessus is not being run
> from within your management or monitoring subnets, as you have to
> have some way to manage, monitor, log, and generate alerts about,
> NTP servers.
> Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
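
Added example, not part of the original thread: a small Python check that reads an ntp.conf and lists every restrict rule that still answers ntpq (mode 6) queries, so the remaining exceptions can be compared against the localhost and management subnets mentioned in the quoted advice. The sample configuration, its addresses and the function names parse_restrict and audit are constructed for illustration.

```python
# Constructed sample ntp.conf (addresses are documentation ranges).
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default ignore
restrict source nomodify notrap noquery
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 noserve  # monitoring only
server 192.0.2.10 iburst
"""

BLOCKS_QUERY = {"noquery", "ignore"}  # either flag refuses ntpq (mode 6) queries


def parse_restrict(line):
    """Return (family, address, flags) for a restrict line, else None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    tokens = tokens[1:]
    family = tokens.pop(0) if tokens[0] in ("-4", "-6") else "any"
    if not tokens:
        return None
    address = tokens.pop(0)
    if len(tokens) >= 2 and tokens[0] == "mask":
        address, tokens = f"{address}/{tokens[1]}", tokens[2:]
    return family, address, set(tokens)


def audit(conf_text):
    """List (line_no, family, address, kind) for each rule that still answers queries."""
    findings, seen_default = [], False
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_restrict(line)
        if rule is None:
            continue
        family, address, flags = rule
        seen_default = seen_default or address == "default"
        if flags & BLOCKS_QUERY:
            continue
        kind = address if address in ("default", "source") else "exception"
        findings.append((line_no, family, address, kind))
    if not seen_default:  # with no default rule, ntpd's built-in default carries no flags
        findings.append((0, "any", "default", "missing"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

Findings of kind "default" or "source" are rules where noquery or ignore could be added; "exception" findings are the hosts and subnets that keep query access and should match only localhost and the management or monitoring subnets.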