[ntp:questions] ntp mode 6 nessus scan vulnerability
Brian.Inglis at SystematicSw.ab.ca
Wed Apr 5 13:30:09 UTC 2017
On 2017-04-05 03:56, sneha b wrote:
> I am using ntp4.2.8P9, and nessus scan is reporting ntp mode 6
> scanner vulnerability.
> Can someone please help me with how to fix this.
Mode 6 queries are used by ntpq - allowing these is normal to
support server management, monitoring, logging and alerts.
To disable ntpq queries add noquery to your default restrict
statements in ntp.conf:
restrict default ... noquery
restrict -4 default ... noquery
restrict -6 default ... noquery
or better, just ignore everything:
restrict default ignore
restrict -4 default ignore
restrict -6 default ignore
You may also want to limit interaction with upstream servers:
restrict source nomodify notrap [noquery] [nopeer]
but you cannot use nopeer if you use any pool servers or *cast
servers or clients; in those cases it would be advisable to
add noquery, as you don't know who's on the other end.
I personally consider it would be rude to not allow known public
sources providing me a service to query mine, so I would add
restrict rules without noquery for each of those servers, and I
would also not add nopeer, although both may be advisable for
organizations, if not using the pool.
restrict <subnet-address> noserve [monitoring only]
ntp.conf statements which remove all restrictions to the localhost
and management subnets, and ensure that nessus is not being run
from within your management or monitoring subnets, as you have to
have some way to manage, monitor, log, and generate alerts about,
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
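As an added illustration of the advice in this reply (not code from the original post or from the NTP project), the following script audits the restrict statements in an ntp.conf: it checks that every `restrict default` line closes mode 6 with `noquery` or `ignore`, and that a `restrict source` line does not carry `nopeer` when `pool` or a *cast mode is in use. Both sample configurations are constructed for the example; the 192.0.2.0/24 management subnet is a placeholder.

```python
"""Audit ntp.conf restrict statements for mode 6 (ntpq) exposure.

Added example, not from the original post.  Assumes the standard ntpd
restrict syntax: restrict [-4|-6] <address|default|source> [mask <m>] <flags...>
"""
import re

# Constructed sample configs (not from the post): a weak one, where mode 6
# is open to everyone, and a hardened one following the reply's advice.
WEAK_CONF = """\
driftfile /var/lib/ntp/ntp.drift
pool 0.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer
restrict source nomodify notrap nopeer
restrict 127.0.0.1
restrict ::1
"""

HARDENED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
pool 0.pool.ntp.org iburst
restrict default ignore
restrict -4 default ignore
restrict -6 default ignore
restrict source nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
# Placeholder management/monitoring subnet: ntpq allowed, no modification
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
"""

RESTRICT_RE = re.compile(r"^\s*restrict\s+(.*)$")


def parse_restricts(conf_text):
    """Return (family, target, mask, flags) for every restrict statement."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = RESTRICT_RE.match(line)
        if not m:
            continue
        tokens = m.group(1).split()
        family = None
        if tokens and tokens[0] in ("-4", "-6"):
            family = tokens.pop(0)
        if not tokens:
            continue  # malformed line: no target
        target = tokens.pop(0)
        mask = None
        if len(tokens) >= 2 and tokens[0] == "mask":
            mask, tokens = tokens[1], tokens[2:]
        entries.append((family, target, mask, set(tokens)))
    return entries


def default_blocks_mode6(entries):
    """True when every restrict default statement has noquery or ignore.

    A default rule with neither flag leaves ntpq (mode 6) open to the world;
    no default rule at all is treated as open too.
    """
    defaults = [flags for _, target, _, flags in entries if target == "default"]
    if not defaults:
        return False
    return all(bool({"noquery", "ignore"} & flags) for flags in defaults)


def uses_pool_or_cast(conf_text):
    """True if the config uses pool or any broadcast/multicast/manycast mode."""
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens and (tokens[0] == "pool" or "cast" in tokens[0]):
            return True
    return False


def audit(conf_text):
    """Return human-readable findings; an empty list means nothing flagged."""
    entries = parse_restricts(conf_text)
    findings = []
    if not default_blocks_mode6(entries):
        findings.append("restrict default does not close mode 6: add noquery or ignore")
    if uses_pool_or_cast(conf_text):
        for _, target, _, flags in entries:
            if target != "source":
                continue
            if "nopeer" in flags:
                findings.append("restrict source has nopeer but pool/*cast is configured")
            if "noquery" not in flags:
                findings.append("restrict source lacks noquery; unknown peers may run ntpq")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "->", audit(conf) or "no findings")
```

Point the script at a real file with `audit(open("/etc/ntp.conf").read())`; it only reads the configuration and reports, so it is safe to run as a pre-deployment check or from a configuration-management test.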