Network Time Protocol (NTP) Mode 6 Scanner

July 12, 2021 DbAppWeb Admin

NESSUS tool found below vulnerability on the scan of a Linux NTP server.

97861 – Network Time Protocol (NTP) Mode 6 Scanner

Synopsis

The remote NTP server responds to mode 6 queries.

Description

The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 queries, to cause a reflected denial of service condition.

Solution

Restrict NTP mode 6 queries

Follow the steps given below to restrict NTP mode 6 queries on an NTP server:

To restrict NTP mode 6 queries on an NTP server, edit the /etc/ntp.conf file and add the below line of code as shown below:
```
# vi /etc/ntp.conf

.
.
restrict -6 default kod nomodify notrap nopeer noquery
.
.
```

Save the file and restart the NTP service using the below command.

# service ntpd restart
Shutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]

Now, NTP mode 6 queries have been disabled on your server. You may verify it by running the NESSUS tool once again.

Last Updated: July 12, 2021

Tags:Linux NTP Server RedHat Linux

Leave a Reply Cancel Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.