[ntp:security] Nessus identifies NTP as a security issue

jerry phillips jerry.phillips at cchmc.org
Fri Aug 25 12:14:54 UTC 2006


Security team scans of my Sun/Solaris 8 servers reveal that the NTP  
client and NTP server configurations are suspect. Can you please  
advise me? Below is the output from the Nessus scan.

"It is possible to determine a lot of information about the remote  
host by querying the NTP variables - these include OS descriptor, and  
time settings.

It is possible to gather the following information from the remote  
NTP host :

system='SunOS', leap=0, stratum=3, rootdelary=24.51,\r ...." etc.

"Quickfix: Set NTP to restrict default access to ignore all info  
restrict default ignore"

I implemented the following /etc/inet/ntp.conf file on a test server  
and the security team still claims that it is vulnerable.

# @(#)ntp.client        1.2     96/11/06 SMI
# /etc/inet/ntp.client
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.

server neo-a.chmcc.org
driftfile /var/ntp/ntp.drift
restrict default ignore
restrict mask nopeer noquery nomodify  
authenticate no

Any help would be greatly appreciated!

Thank you,

More information about the security mailing list