[ntp:security] Nessus identifies NTP as a security issue

jerry phillips jerry.phillips at cchmc.org
Fri Aug 25 12:14:54 UTC 2006


Greetings,

Security team scans of my Sun/Solaris 8 servers reveal that the NTP  
client and NTP server configurations are suspect. Can you please  
advise me? Below is the output from the Nessus scan.

"It is possible to determine a lot of information about the remote  
host by querying the NTP variables - these include OS descriptor, and  
time settings.

It is possible to gather the following information from the remote  
NTP host :

system='SunOS', leap=0, stratum=3, rootdelary=24.51,\r ...." etc.

"Quickfix: Set NTP to restrict default access to ignore all info  
packets:
restrict default ignore"

I implemented the following /etc/inet/ntp.conf file on a test server  
and the security team still claims that it is vulnerable.

# @(#)ntp.client        1.2     96/11/06 SMI
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#

server neo-a.chmcc.org
multicastclient 224.0.1.1
driftfile /var/ntp/ntp.drift
restrict default ignore
restrict 205.142.199.172 mask 255.255.255.0 nopeer noquery nomodify  
notrap
restrict 127.0.0.1
authenticate no

Any help would be greatly appreciated!

Thank you,
jerry


More information about the security mailing list